[ 
https://issues.apache.org/jira/browse/GEODE-1659?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Swapnil Bawaskar updated GEODE-1659:
------------------------------------
    Description: 
All the locators and all the servers need to be configured with 
{{security-manager}} geode property to enable integrated security. If a user 
misses specifying this property even on one member, we end up compromising the 
entire cluster.

We need to make security-manager part of cluster config properties, so that any 
new member joining the system will be able to inherit this property.
We should also reject members that have disabled security and cluster 
configuration from joining the cluster.

  was:
All the locators and all the servers need to be configured with 
{{security-manager}} geode property to enable integrated security. If a user 
misses specifying this property even on one member, we end up compromising the 
entire cluster.
To prevent this, we should log a warning message in the logs and in gfsh 
console when a member is started without security when existing members are 
configured with security.
In the long term we need to make security-manager part of cluster config 
properties, so that any new member joining the system will be able to inherit 
this property.


> Prevent misconfiguration of Integrated Security
> -----------------------------------------------
>
>                 Key: GEODE-1659
>                 URL: https://issues.apache.org/jira/browse/GEODE-1659
>             Project: Geode
>          Issue Type: Sub-task
>          Components: security
>            Reporter: Swapnil Bawaskar
>
> All the locators and all the servers need to be configured with 
> {{security-manager}} geode property to enable integrated security. If a user 
> misses specifying this property even on one member, we end up compromising 
> the entire cluster.
> We need to make security-manager part of cluster config properties, so that 
> any new member joining the system will be able to inherit this property.
> We should also reject members that have disabled security and cluster 
> configuration from joining the cluster.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to