Robert Levas created AMBARI-8447:
------------------------------------
Summary: Update ConfigurationResourceProvider to handle Kerberos
Administrative Credentials as a special case
Key: AMBARI-8447
URL: https://issues.apache.org/jira/browse/AMBARI-8447
Project: Ambari
Issue Type: Improvement
Components: ambari-server
Affects Versions: 2.0.0
Reporter: Robert Levas
Assignee: Robert Levas
Fix For: 2.0.0
Certain configuration settings need to handled in special-case scenarios. For
example short-lived settings to be stored per request or session scope. Or
secure data the must not be stored in the Ambari database.
An example of this type of data is the administrative credentials used to
manage a KDC server. This _configuration_ data is short lived (per session)
and sensitive. Therefore, it must be handled as a special case.
To determine that a configuration request contains this data, the {{type}} of
the configuration is to be used. For this specific case, a configuration
{{type}} of *_kerberos_admin_identity_* will trigger the special case to secure
and store the administrative credentials in a file. Ideally if the _session_
data was available (see AMBARI-8426) a session-based encryption key would be
created and stored in session. That key would then be used to encrypt the data
from this request. The encrypted data and key would then be retrieved from the
_session_, decrypted, and used as needed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
