Re: Review Request 56163: RANGER-1341 : Use credential provider files to store passwords rather storing them in config file in clear text format

Wed, 15 Feb 2017 20:44:19 -0800 

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/56163/
-----------------------------------------------------------

(Updated Feb. 16, 2017, 4:43 a.m.)


Review request for ranger, Ankita Sinha, Don Bosco Durai, Gautam Borad, Abhay 
Kulkarni, Madhan Neethiraj, Mehul Parikh, Ramesh Mani, Selvamohan Neethiraj, 
Sailaja Polavarapu, and Velmurugan Periasamy.


Changes
-------

removed default values of keystore file paths and passwords.


Bugs: RANGER-1341
    https://issues.apache.org/jira/browse/RANGER-1341


Repository: ranger


Description
-------

**Problem Statement :** Below mentioned passwords properties in Ranger Admin 
and usersync contains password in clear text. password should not be stored in 
clear text format rather it should be stored in jceks file.
ranger.service.https.attrib.keystore.pass
ranger.truststore.password
ranger.usersync.keystore.password
ranger.usersync.truststore.password

**Proposed Solution :** Use Credential provider api to store password in jceks 
file.


Diffs (updated)
-----

  
embeddedwebserver/src/main/java/org/apache/ranger/server/tomcat/EmbeddedServer.java
 9668e47 
  jisql/src/main/java/org/apache/util/sql/MySQLPLRunner.java 8b51972 
  kms/config/webserver/ranger-kms-site.xml 81f3f17 
  kms/scripts/install.properties 473d3cf 
  kms/scripts/setup.sh f31e0e2 
  security-admin/scripts/install.properties 34dec22 
  security-admin/scripts/setup.sh f7e02d9 
  security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java 
830a049 
  security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml 
08ed436 
  security-admin/src/main/resources/conf.dist/ranger-admin-site.xml 5f89caa 
  src/main/assembly/admin-web.xml 966033f 
  tagsync/scripts/setup.py 88b10cc 
  
ugsync/src/main/java/org/apache/ranger/unixusersync/config/UserGroupSyncConfig.java
 a4b12b2 
  unixauthservice/scripts/install.properties 50e8487 
  unixauthservice/scripts/setup.py b773e95 
  unixauthservice/scripts/templates/ranger-ugsync-template.xml 74bce8a 
  
unixauthservice/src/main/java/org/apache/ranger/authentication/UnixAuthenticationService.java
 175307f 

Diff: https://reviews.apache.org/r/56163/diff/


Testing
-------

1. Tested Ranger on SSL enabled MySQL.
2. Tested Ranger with and without SSL.
3. Tested HDFS plugin enforecement using SSL enabled Ranger admin. 
4. Tested KMS plugin enforecement using SSL enabled Ranger admin.
5. Tested LDAP and UNIX UserSync.
6. Tested LDAP and UNIX Authentication.
7. Tested Knox Test connection.


Thanks,

Pradeep Agrawal

Reply via email to