> On May 4, 2015, 5:04 a.m., Emil Anca wrote: > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java, > > line 276 > > <https://reviews.apache.org/r/33742/diff/1/?file=947002#file947002line276> > > > > Isn't this a feature we might reuse? If so we could provide a > > generically decribed interface with #createSecurePassword and have the Kerb > > Oper Handler implement it to expose reuseable functionality such as pass > > generation (or other features) to the non-kerberos code. Just a thought;
I agree that a generic password generation service might be useful... but it should be moved from the Kerberos logic to a separate entry point in the API. That said, the current API strucutre doesn't lend itself to RPC calls like this (meaning a password is not a resource that can be created, updated, retrueved and destroyed - well it can be created). However, let me investigate moving this code out to a more generic location in the code and maybe in the future we can add a password generation service via the API. - Robert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/33742/#review82362 ----------------------------------------------------------- On April 30, 2015, 9:02 p.m., Robert Levas wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/33742/ > ----------------------------------------------------------- > > (Updated April 30, 2015, 9:02 p.m.) > > > Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and > Yusaku Sako. > > > Bugs: AMBARI-10018 > https://issues.apache.org/jira/browse/AMBARI-10018 > > > Repository: ambari > > > Description > ------- > > The password generator used to generate passwords for identities needs to > generate passwords based on a rule set rather than just a random sequence of > characters. > > In a KDC (MIT or Active Directory), there may be a policy in place requiring > a certain characteristics for the password. By creating a password consisting > if 18 characters pulled randomly from > `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, > there is no guarantee that any specific policy will be met. > > The following rules should be settable: > + Length > + Minimum number of lowercase letters (`a-z`) > + Minimum number of uppercase letters (`A-Z`) > + Minimum number of digits (`0-9`) > + Minimum number of punctuation characters (`?.!$%^*()-_+=~`) > > > Diffs > ----- > > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java > f48c4cf > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java > 13fb49b > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java > a215a56 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java > 4925582 > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java > ed31ccf > > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java > a92fb12 > > ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml > 682d675 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java > 07094a7 > > ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java > 336090b > ambari-web/app/data/HDP2/site_properties.js a35104e > > Diff: https://reviews.apache.org/r/33742/diff/ > > > Testing > ------- > > Manual testing > > **Jenkins test results: PENDING** > > > Thanks, > > Robert Levas > >
