[
https://issues.apache.org/jira/browse/RANGER-1316?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15833352#comment-15833352
]
Qiang Zhang commented on RANGER-1316:
-------------------------------------
[~ankita.sinha] Ok, I will analyze the Ranger KMS startup issue with you as
soon as possible. Once we find the issue, we will inform you and provide a
patch for reviewal.
> Ranger-Admin enable security mode should not depend on configuration logdir
> ---------------------------------------------------------------------------
>
> Key: RANGER-1316
> URL: https://issues.apache.org/jira/browse/RANGER-1316
> Project: Ranger
> Issue Type: Bug
> Components: admin
> Reporter: Qiang Zhang
> Assignee: Ankita Sinha
> Priority: Minor
> Labels: security
> Fix For: 0.7.0
>
> Attachments:
> 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch,
> RANGER-1316.patch
>
>
> Ranger-Admin enable security mode should not depend on configuration logdir,
> in fact, it should depend on whether hadoop.security.authentication is
> kerberos.
> If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
> the Ranger-Admin would not enable security mode.
> By the way, people who read the code will be confused,
> because logdir has nothing to do with security of Ranger-Admin.
> The code which have problem can be found in Java method
> EmbeddedServer.start():
> {code}
> if (getConfig("logdir") != null) {
> String keytab = getConfig(ADMIN_USER_KEYTAB);
> String principal = null;
> ......
> if (getConfig(AUTHENTICATION_TYPE) != null &&
>
> getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
> SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
> ......
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
