Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-8447

Update ConfigurationResourceProvider to handle Kerberos Administrative Credentials as a special case

VotersWatch issueWatchersCreate sub-taskLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    Description

      Certain configuration settings need to handled in special-case scenarios. For example short-lived settings to be stored per request or session scope. Or secure data the must not be stored in the Ambari database.

      An example of this type of data is the administrative credentials used to manage a KDC server. This configuration data is short lived (per session) and sensitive. Therefore, it must be handled as a special case.

      To determine that a configuration request contains this data, the type of the configuration is to be used. For this specific case, a configuration type of kerberos_admin_identity will trigger the special case to secure and store the administrative credentials in a file. Ideally if the session data was available (see AMBARI-8426) a session-based encryption key would be created and stored in session. That key would then be used to encrypt the data from this request. The encrypted data and key would then be retrieved from the session, decrypted, and used as needed.

      Attachments

        1. AMBARI-8447.patch
          39 kB
          Tom Beerbower

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            tbeerbower Tom Beerbower
            rlevas Robert Levas
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Issue deployment