ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ximo Guanter (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-2361) Simplify the agent cert creation and server cert signing so that cleanup of certs can make retries a simpler process.
Date Wed, 12 Jun 2013 10:48:21 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-2361?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13681097#comment-13681097
] 

Ximo Guanter commented on AMBARI-2361:
--------------------------------------

Isn't this opening a vector attack? A malicious host can now prevent client-server communication
for any other host in the network. Say host A wants to mess up host B's communications to
ambari server. It can now send a cert registration request for host B with the URL /certs/hostA,
which will revoke host A's cert and now all heartbeats from that host will fail due to an
unrecognized cert. Maybe I'm missing something, though.
                
> Simplify the agent cert creation and server cert signing so that cleanup of certs can
make retries a simpler process.
> ---------------------------------------------------------------------------------------------------------------------
>
>                 Key: AMBARI-2361
>                 URL: https://issues.apache.org/jira/browse/AMBARI-2361
>             Project: Ambari
>          Issue Type: Bug
>          Components: controller
>    Affects Versions: 1.2.3
>            Reporter: Dmitry Sen
>            Assignee: Dmitry Sen
>             Fix For: 1.3.0
>
>         Attachments: AMBARI-2361.patch
>
>
> Simplify the agent cert creation and server cert signing so that cleanup of certs can
make retries a simpler process.
> Ambari-server autorevokes existing agent's certificate if repeated certificate signing
request recieved from an agent.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message