  1. Ambari
  2. AMBARI-20938

LDAPS connections to an Active Directory when enabling Kerberos should validate the server's SSL certificate


    Details

      Description

      LDAPS connections to an Active Directory when enabling Kerberos should validate the server's SSL certificate. The current implementation skips validation checks to help avoid SSL issues; however, this is not secure. Also, the trusting SSL connection may not support the more secure SSL protocols - TLSv1.2.

      A flag in the ambari.properties file (kerberos.operation.verify.kdc.trust) should be available to allow the user to select either a trusting SSL connection or a validating (non-trusting) SSL connection to be used. The default should be to use the standard (non-trusting) SSL connection.
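
The choice the description asks for, as an added Java sketch (not Ambari's code and not taken from the attached patches): a property selects between the JVM's validating trust manager and a trusting one, with validation as the default. The class and method names are hypothetical, and reading `true` as "validate" is an assumption about the flag's meaning.

```java
import java.io.StringReader;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Properties;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

public class LdapsTrustSelection {
    // Property name from the issue; treating "true" as "validate" is an assumption.
    static final String VERIFY_KDC_TRUST = "kerberos.operation.verify.kdc.trust";

    // The insecure behaviour the issue describes: every server certificate is accepted.
    static final class TrustingManager implements X509TrustManager {
        public void checkClientTrusted(X509Certificate[] chain, String authType) { }
        public void checkServerTrusted(X509Certificate[] chain, String authType) { }
        public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
    }

    // Validation is the default: only an explicit "false" selects the trusting manager.
    static boolean validates(Properties props) {
        return !"false".equalsIgnoreCase(props.getProperty(VERIFY_KDC_TRUST, "true").trim());
    }

    static SSLContext contextFor(Properties props) throws GeneralSecurityException {
        // Request a TLSv1.2 context for both modes.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // null trust managers: the JVM default trust store and full chain validation are used.
        TrustManager[] tms = validates(props) ? null : new TrustManager[] { new TrustingManager() };
        ctx.init(null, tms, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample property files: flag absent, flag true, flag false.
        String[] samples = { "", VERIFY_KDC_TRUST + "=true", VERIFY_KDC_TRUST + "=false" };
        for (String s : samples) {
            Properties p = new Properties();
            p.load(new StringReader(s));
            SSLContext ctx = contextFor(p);
            System.out.printf("%-45s validating=%b protocol=%s%n",
                "[" + s + "]", validates(p), ctx.getProtocol());
        }
    }
}
```

With the validating context, the Active Directory server's issuing CA has to be present in the trust store the JVM uses, otherwise the LDAPS handshake fails instead of silently succeeding.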

        Attachments

        1. AMBARI-20938_trunk_01.patch
          35 kB
          Robert Levas
        2. AMBARI-20938_branch-2.5_01.patch
          38 kB
          Robert Levas


              People

              • Assignee:
                rlevas Robert Levas
                Reporter:
                rlevas Robert Levas
              • Votes:
                0
                Watchers:
                5
