zeroflag opened a new pull request, #581:
URL: https://github.com/apache/knox/pull/581

   ## What changes were proposed in this pull request?
   
   RemoteAliasService always regenerates the password if generates=true, unlike the other implementation. This causes problems with HA deployments where the RemoteAliasService is used but the ZooKeeper based keystore is turned off. Each Knox instance ends up having a different pac4j.password.
   
   ## How was this patch tested?
   
   Using the following configs:
   
   ```
   gateway.remote.alias.service.enabled=true
   gateway.remote.config.monitor.client=zookeeper-client
   gateway.service.alias.impl=org.apache.knox.gateway.services.security.impl.RemoteAliasService
   gateway.remote.alias.service.config.type=zookeeper
   gateway.remote.config.registry.zookeeper-client=type=ZooKeeper;address=ZKHOST:2181;authType=Kerberos;[email protected];keytab=/cdep/keytabs/knox.keytab;useKeyTab=true;useTicketCache=false
   ```
   
   * I verified that redeployments and restarts don't change a user-generated password.
   * I verified that after a clean start passwords are synchronized to both hosts.


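
The lookup behaviour the pull request describes, modelled as an added example that is not code from the pull request or from Knox: the class, its method names and the in-memory store are hypothetical, and only the alias name `pac4j.password` comes from the description. It contrasts a lookup that regenerates whenever `generate` is true with one that generates only when the alias is absent.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class AliasLookupDemo { // hypothetical name, not a Knox class
    private static final SecureRandom RNG = new SecureRandom();
    // Constructed stand-in for the store an instance reads aliases from.
    private final Map<String, String> store = new ConcurrentHashMap<>();

    static String randomPassword() {
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Behaviour the description reports: generate=true overwrites the stored value.
    String lookupAlwaysRegenerating(String alias, boolean generate) {
        if (generate) {
            store.put(alias, randomPassword());
        }
        return store.get(alias);
    }

    // Generate only when the alias is absent; computeIfAbsent does this atomically.
    String lookupGenerateIfAbsent(String alias, boolean generate) {
        return generate ? store.computeIfAbsent(alias, a -> randomPassword())
                        : store.get(alias);
    }

    public static void main(String[] args) {
        String alias = "pac4j.password";
        AliasLookupDemo regenerating = new AliasLookupDemo();
        regenerating.store.put(alias, "user-set-value"); // constructed sample value
        String r1 = regenerating.lookupAlwaysRegenerating(alias, true);
        String r2 = regenerating.lookupAlwaysRegenerating(alias, true); // e.g. after a restart
        System.out.println("regenerating: stable across lookups = " + r1.equals(r2));

        AliasLookupDemo ifAbsent = new AliasLookupDemo();
        ifAbsent.store.put(alias, "user-set-value");
        String k1 = ifAbsent.lookupGenerateIfAbsent(alias, true);
        String k2 = ifAbsent.lookupGenerateIfAbsent(alias, true);
        System.out.println("if-absent: user value kept = " + "user-set-value".equals(k2));
        System.out.println("if-absent: stable across lookups = " + k1.equals(k2));

        AliasLookupDemo clean = new AliasLookupDemo(); // clean start, nothing stored
        String c1 = clean.lookupGenerateIfAbsent(alias, true);
        String c2 = clean.lookupGenerateIfAbsent(alias, true);
        System.out.println("clean start: generated once = " + c1.equals(c2));
    }
}
```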