[jira] [Created] (AMBARI-20938) LDAPS connections to an Active Directory when enabling Kerberos should validate the server's SSL certificate

Robert Levas (JIRA) Thu, 04 May 2017 13:40:18 -0700

Robert Levas created AMBARI-20938:
-------------------------------------

             Summary: LDAPS connections to an Active Directory when enabling 
Kerberos should validate the server's SSL certificate
                 Key: AMBARI-20938
                 URL: https://issues.apache.org/jira/browse/AMBARI-20938
             Project: Ambari
          Issue Type: Bug
          Components: ambari-server
    Affects Versions: 2.0.0
            Reporter: Robert Levas
            Assignee: Robert Levas
             Fix For: 2.5.2



LDAPS connections to an Active Directory when enabling Kerberos should validate 
the server's SSL certificate.  The current implementation skips validation 
checks to help avoid SSL issues; however this is not secure. Also the 
_trusting_ SSL connection may not support the more secure SSL protocols - 
TLSv1.2.

A flag in the {{ambari.properties}} file should be available to allow for the 
_trusting_  SSL connection to be used; but the default should be to use the 
standard (non-trusting) SSL connection. 




--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Created] (AMBARI-20938) LDAPS connections to an Active Directory when enabling Kerberos should validate the server's SSL certificate

Reply via email to