Uploaded image for project: 'Ranger'
  1. Ranger
  2. RANGER-1316

Ranger-Admin enable security mode should not depend on configuration logdir

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 0.7.0
    • admin

    Description

      Ranger-Admin enable security mode should not depend on configuration logdir,
      in fact, it should depend on whether hadoop.security.authentication is kerberos.
      If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
      the Ranger-Admin would not enable security mode.
      By the way, people who read the code will be confused,
      because logdir has nothing to do with security of Ranger-Admin.

      The code which have problem can be found in Java method EmbeddedServer.start():

      if (getConfig("logdir") != null) {
      	String keytab = getConfig(ADMIN_USER_KEYTAB);
      	String principal = null;
      	......
      	if (getConfig(AUTHENTICATION_TYPE) != null &&
      	getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
      	SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
      	......
      	}
      }
      

      Attachments

        1. 0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch
          2 kB
          Qiang Zhang
        2. RANGER-1316.patch
          11 kB
          Ankita Sinha
        3. RANGER-1316.patch
          10 kB
          Ankita Sinha

        Issue Links

          Activity

            People

              ankita Ankita Sinha
              zhangqiang2 Qiang Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: