KYLIN-1401 Passwords in kylin.properties should be enctrypted Project: http://git-wip-us.apache.org/repos/asf/kylin/repo Commit: http://git-wip-us.apache.org/repos/asf/kylin/commit/eb5deb31 Tree: http://git-wip-us.apache.org/repos/asf/kylin/tree/eb5deb31 Diff: http://git-wip-us.apache.org/repos/asf/kylin/diff/eb5deb31
Branch: refs/heads/1.x-staging Commit: eb5deb31e88f398258828f15542d68187c90ee8d Parents: d19eb0d Author: shaofengshi <[email protected]> Authored: Fri Feb 5 17:46:07 2016 +0800 Committer: shaofengshi <[email protected]> Committed: Fri Feb 5 17:46:07 2016 +0800 ---------------------------------------------------------------------- .../kylin/rest/security/PasswordPlaceholderConfigurer.java | 8 +++++++- website/_docs/howto/howto_ldap_and_sso.md | 4 ++-- 2 files changed, 9 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/kylin/blob/eb5deb31/server/src/main/java/org/apache/kylin/rest/security/PasswordPlaceholderConfigurer.java ---------------------------------------------------------------------- diff --git a/server/src/main/java/org/apache/kylin/rest/security/PasswordPlaceholderConfigurer.java b/server/src/main/java/org/apache/kylin/rest/security/PasswordPlaceholderConfigurer.java index d7aa119..36b498c 100644 --- a/server/src/main/java/org/apache/kylin/rest/security/PasswordPlaceholderConfigurer.java +++ b/server/src/main/java/org/apache/kylin/rest/security/PasswordPlaceholderConfigurer.java @@ -77,7 +77,13 @@ public class PasswordPlaceholderConfigurer extends PropertyPlaceholderConfigurer } public static void main(String[] args) { + if (args.length != 1) { + System.out.println("Usage: java org.apache.kylin.rest.security.PasswordPlaceholderConfigurer <your_password>"); + System.exit(1); + } + BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder(); - System.out.println(bCryptPasswordEncoder.encode("MODELER")); + System.out.println("The hash of your password is: "); + System.out.println(bCryptPasswordEncoder.encode(args[0])); } } http://git-wip-us.apache.org/repos/asf/kylin/blob/eb5deb31/website/_docs/howto/howto_ldap_and_sso.md ---------------------------------------------------------------------- diff --git a/website/_docs/howto/howto_ldap_and_sso.md b/website/_docs/howto/howto_ldap_and_sso.md index a810371..1102559 100644 --- a/website/_docs/howto/howto_ldap_and_sso.md +++ b/website/_docs/howto/howto_ldap_and_sso.md @@ -13,12 +13,12 @@ Kylin supports LDAP authentication for enterprise or production deployment; This #### Configure LDAP server info -Firstly, provide LDAP URL, and username/password if the LDAP server is secured; +Firstly, provide LDAP URL, and username/password if the LDAP server is secured; The password in kylin.properties need be salted; You can Google "Generate a BCrypt Password" or run org.apache.kylin.rest.security.PasswordPlaceholderConfigurer to get a hash of your password. ``` ldap.server=ldap://<your_ldap_host>:<port> ldap.username=<your_user_name> -ldap.password=<your_password> +ldap.password=<your_password_hash> ``` Secondly, provide the user search patterns, this is by LDAP design, here is just a sample:
