Uploaded image for project: 'Kylin'
  1. Kylin
  2. KYLIN-1401

Passwords in kylin.properties should be enctrypted

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: v1.2
    • Fix Version/s: v1.5.0
    • Component/s: Client - CLI
    • Labels:
      None

      Description

      When integrating LDAP authentication in Kylin, people might run into the following error message. One possible reason is that Kylin actually requires passwords in kylin.properties be encrypted.

      Invalid bean definition with name 'ldapSource' defined in class path resource [kylinSecurity.xm]: Input length must be multiple of 16 when decrypting with padded cipher

      Related code for passwords decryption is as follows:

      PasswordPlaceholderConfigurer.java
          protected String resolvePlaceholder(String placeholder, Properties props) {
              if (placeholder.toLowerCase().contains("password")) {
                  return decrypt(props.getProperty(placeholder));
              } else {
                  return props.getProperty(placeholder);
              }
          }
      

      Related discussion in mailing list: Link

      In this ticket, I would propose a CLI tool for password encryption for Kylin, and add related documentation in How to Enable Security with LDAP and SSO

        Attachments

          Activity

            People

            • Assignee:
              shaofengshi Shao Feng Shi
              Reporter:
              wxiang7 Wu Xiang
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: