accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Josh Elser (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-3622) admin tool for reseting passwords stored in ZKAuthenticator
Date Sat, 04 Apr 2015 02:21:33 GMT


Josh Elser commented on ACCUMULO-3622:

Not sure about how semver would (or would not) support this in older versions. Leaving fixVersion
for the older versions for now.

> admin tool for reseting passwords stored in ZKAuthenticator
> -----------------------------------------------------------
>                 Key: ACCUMULO-3622
>                 URL:
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: zookeeper
>    Affects Versions: 1.5.0, 1.6.0
>            Reporter: Sean Busbey
>            Priority: Critical
>              Labels: operations, supportability
>             Fix For: 1.5.3, 1.6.3, 1.8.0, 1.7.1
> For clusters that rely on the ZKAuthenticator, we should add an admin tool that will
do password resets outside of the shell. The tool will need to be supplied the ZK quorum,
the instance-id (or name), and the instance secret.
> The main use case here is should a change management failure happen that results in losing
the root user password.
> Currently, when users face this problem their only option is to access ZK's restricted
properties directly with the instance secret (via ACCUMULO-2469) and then overwrite the contents
of the node {{/accumulo/<instance id>/users/root}} with the following byte array (per
for 1.6.z):
> {code}
> [8 byte salt][32 byte output of SHA-256([UTF8 bytes of password][8 byte salt])]
> {code}
> The tool should live with the other non-public-api internal tools (server/base/src/main/java/org/apache/accumulo/server/util/).

This message was sent by Atlassian JIRA

View raw message