we have Zeppelin instance on aws emr, we didn't experience any issues with jceks
On Monday, July 24, 2017, 11:57:16 PM PDT, cs user <acldstk...@gmail.com> wrote: Bump.... Has anyone managed to get this working? On Thu, Jul 20, 2017 at 11:37 AM, cs user <acldstk...@gmail.com> wrote: Hello, Can someone explain how the shiro.ini config should look when trying to encrypt the AD password? We have the following config: activeDirectoryRealm = org.apache.zeppelin.realm. ActiveDirectoryGroupRealm activeDirectoryRealm.url = ldaps://some.address.com:636 activeDirectoryRealm. searchBase = DC=top,DC=domain,DC=sub,DC=com activeDirectoryRealm. groupRolesMap = "CN=GROUP,OU=some,OU=location, OU=folder,DC=top,DC=domain,DC= sub,DC=com”:”someuser” activeDirectoryRealm. systemUsername = some.account # Password commented out #activeDirectoryRealm. systemPassword = passwordnotused activeDirectoryRealm. hadoopSecurityCredentialPath = "jceks://file/tmp/zeppelin/ conf/zeppelin.jceks" activeDirectoryRealm. principalSuffix=@some.sub.com activeDirectoryRealm. authorizationCachingEnabled = false However it doesn't appear to be using the credential which is stored in the jceks file. The file was created using the following command: hadoop credential create activeDirectoryRealm. systemPassword -provider jceks://file/tmp/zeppelin/ conf/zeppelin.jceks The file is owned by zeppelin. I've tried created the credential with both "systemPassword" and "systempassword" as the name. Everything works fine if I just use the plain text password. I'm using Zeppelin version 0.7.0. What am I missing here? Does anyone have an example config which is working for them? I've check the logs and there are no errors relating to loading the above jceks file. Thanks!
