[
https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15829981#comment-15829981
]
Ankita Sinha commented on RANGER-1316:
--------------------------------------
This is causing issue in Ranger KMS startup. Have you tested it? I am reopening
the issue. Since the code is common for Ranger Admin and Ranger KMS, only after
successful testing of both components in regular and SSL mode, it is
recommended to commit the change. My suggestion is to create a consolidated
patch for EmbeddedServer refactoring changes.
> Ranger-Admin enable security mode should not depend on configuration logdir
> ---------------------------------------------------------------------------
>
> Key: RANGER-1316
> URL: https://issues.apache.org/jira/browse/RANGER-1316
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Reporter: Qiang Zhang
> Assignee: Qiang Zhang
> Priority: Minor
> Labels: security
> Fix For: 0.7.0
>
> Attachments:
> 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch
>
>
> Ranger-Admin enable security mode should not depend on configuration logdir,
> in fact, it should depend on whether hadoop.security.authentication is
> kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> the Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused,
> because logdir has nothing to do with security of Ranger-Admin.
> The code which have problem can be found in Java method
> EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
> String keytab = getConfig(ADMIN_USER_KEYTAB);
> String principal = null;
> ......
> if (getConfig(AUTHENTICATION_TYPE) != null &&
>
> getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
> SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
> ......
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
