[
https://issues.apache.org/jira/browse/TRAFODION-2049?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Pierre Smits updated TRAFODION-2049:
------------------------------------
Fix Version/s: (was: 1.1 (pre-incubation))
> Securely store passwords for Trafodion use.
> -------------------------------------------
>
> Key: TRAFODION-2049
> URL: https://issues.apache.org/jira/browse/TRAFODION-2049
> Project: Apache Trafodion
> Issue Type: Sub-task
> Components: sql-security
> Reporter: Roberta Marton
>
> Today, passwords are stored in the clear in a config file while the
> installation or upgrade is running. After the installation completes, the
> passwords are removed. However, passwords still remain in the clear in the
> temp config file used by installer - people have read access. This needs to
> be fixed.
> In addition, the Kerberos admin password is not saved but asked when needed
> to secure install. This is painful because you need to watch for the prompt.
> There needs to be a way to store passwords securely on the system and/or not
> store passwords but ask for them every time. Perhaps using some encryption
> algorithm to save passwords in a file that can be encrypted when needed.
> Investigation into the best mechanism is needed.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
