[
https://issues.apache.org/jira/browse/AMBARI-8447?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14226212#comment-14226212
]
Tom Beerbower commented on AMBARI-8447:
---------------------------------------
[~rlevas],
I'm trying to understand the requirements for this better. Could you provide a
more concrete use case that I could step through?
Thanks.
> Update ConfigurationResourceProvider to handle Kerberos Administrative
> Credentials as a special case
> -----------------------------------------------------------------------------------------------------
>
> Key: AMBARI-8447
> URL: https://issues.apache.org/jira/browse/AMBARI-8447
> Project: Ambari
> Issue Type: Improvement
> Components: ambari-server
> Affects Versions: 2.0.0
> Reporter: Robert Levas
> Assignee: Robert Levas
> Labels: api, configuration, kerberos, session
> Fix For: 2.0.0
>
>
> Certain configuration settings need to handled in special-case scenarios. For
> example short-lived settings to be stored per request or session scope. Or
> secure data the must not be stored in the Ambari database.
> An example of this type of data is the administrative credentials used to
> manage a KDC server. This _configuration_ data is short lived (per session)
> and sensitive. Therefore, it must be handled as a special case.
> To determine that a configuration request contains this data, the {{type}} of
> the configuration is to be used. For this specific case, a configuration
> {{type}} of *_kerberos_admin_identity_* will trigger the special case to
> secure and store the administrative credentials in a file. Ideally if the
> _session_ data was available (see AMBARI-8426) a session-based encryption key
> would be created and stored in session. That key would then be used to
> encrypt the data from this request. The encrypted data and key would then be
> retrieved from the _session_, decrypted, and used as needed.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
