[AMBARI-20938] LDAPS connections to an Active Directory when enabling Kerberos should validate the server's SSL certificate - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 2.0.0
Fix Version/s: 2.5.2
Component/s: ambari-server
Labels:

Description

LDAPS connections to an Active Directory when enabling Kerberos should validate the server's SSL certificate. The current implementation skips validation checks to help avoid SSL issues; however this is not secure. Also the trusting SSL connection may not support the more secure SSL protocols - TLSv1.2.

A flag in the ambari.properties file (kerberos.operation.verify.kdc.trust) should be available to allow for the user to select either a trusting SSL connection or a validating (non-trusting) SSL connection to be used. The default should be to use the standard (non-trusting) SSL connection.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-20938_trunk_01.patch
09/May/17 16:05
35 kB
Robert Levas
AMBARI-20938_branch-2.5_01.patch
09/May/17 16:05
38 kB
Robert Levas

Issue Links

links to

ReviewBoard

Activity

People

Assignee:: Robert Levas

Reporter:: Robert Levas

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 04/May/17 20:39

Updated:: 02/Jun/17 21:05

Resolved:: 02/Jun/17 20:29