ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitry Lysnichenko (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (AMBARI-2389) Registration fails sometimes because of openssl issues on signing the certs.
Date Fri, 14 Jun 2013 17:44:20 GMT

    [ https://issues.apache.org/jira/browse/AMBARI-2389?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13683581#comment-13683581
] 

Dmitry Lysnichenko commented on AMBARI-2389:
--------------------------------------------

Hi Diego,
Probably that is done for security reasons. Currently, if someone performs "man in the middle"
attack after initial certificate signing, agent will refuse to connect. 
If we deleted existing certificate as proposed, the attacker would be able to steal AMBARI_PASSPHRASE
when agent reconnects and also to send commands to the agent. These commands only trigger
pre-defined puppet manifests execution, so it is not critical, but still may be dangerous.
 
                
> Registration fails sometimes because of openssl issues on signing the certs.
> ----------------------------------------------------------------------------
>
>                 Key: AMBARI-2389
>                 URL: https://issues.apache.org/jira/browse/AMBARI-2389
>             Project: Ambari
>          Issue Type: Bug
>          Components: client
>    Affects Versions: 1.2.0
>            Reporter: Dmitry Sen
>            Assignee: Dmitry Sen
>            Priority: Critical
>             Fix For: 1.3.0
>
>         Attachments: AMBARI-2389.patch
>
>   Original Estimate: 48h
>  Remaining Estimate: 48h
>
> Registration fails sometimes because of openssl issues on signing the certs. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message