[RANGER-1316] Ranger-Admin enable security mode should not depend on configuration logdir - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.7.0
Component/s: admin
Labels:
- security

Description

Ranger-Admin enable security mode should not depend on configuration logdir,
in fact, it should depend on whether hadoop.security.authentication is kerberos.
If the logdir is null, even if Ranger-Admin is set to Kerberos authentication,
the Ranger-Admin would not enable security mode.
By the way, people who read the code will be confused,
because logdir has nothing to do with security of Ranger-Admin.

The code which have problem can be found in Java method EmbeddedServer.start():

if (getConfig("logdir") != null) {
	String keytab = getConfig(ADMIN_USER_KEYTAB);
	String principal = null;
	......
	if (getConfig(AUTHENTICATION_TYPE) != null &&
	getConfig(AUTHENTICATION_TYPE).trim().equalsIgnoreCase(AUTH_TYPE_KERBEROS) &&
	SecureClientLogin.isKerberosCredentialExists(principal, keytab)){
	......
	}
}

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

0001-RANGER-1316-Admin-security-should-not-depend-on-logd.patch
18/Jan/17 08:16
2 kB
Qiang Zhang
RANGER-1316.patch
24/Jan/17 05:53
10 kB
Ankita Sinha
RANGER-1316.patch
20/Jan/17 10:33
11 kB
Ankita Sinha

Issue Links

is duplicated by

RANGER-1280 Currently the ranger-admin will be aborted and couldn't find any error messages in log file when the exception occured. We should get the default value instead of aborted and record the error log.

Resolved

RANGER-1287 Remove code duplication from Java method EmbeddedServer.start()

Resolved

links to

Review Request

Activity

People

Assignee:: Ankita Sinha

Reporter:: Qiang Zhang

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18/Jan/17 07:31

Updated:: 25/Jan/17 08:30

Resolved:: 25/Jan/17 08:30