ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vitalyi Brodetskyi" <vbrodets...@hortonworks.com>
Subject Review Request 30723: Kerberos: Keytab content is available through requests endpoint
Date Fri, 06 Feb 2015 13:36:30 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30723/
-----------------------------------------------------------

Review request for Ambari, Dmitro Lisnichenko and Robert Levas.


Bugs: AMBARI-9512
    https://issues.apache.org/jira/browse/AMBARI-9512


Repository: ambari


Description
-------

I seems like we can see the contents of keytabs generated via Ambari from the /api/v1/clusters/
{clustername}
/requests endpoint, which is also shown in the UI on the keytab tasks.
This is a potential security risk, as anyone who has an Ambari account can access them (including
non-Admin, read-only users).


Diffs
-----

  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
b000c04 
  ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py 3bda3f9 
  ambari-server/src/test/python/stacks/utils/RMFTestCase.py 85e229a 

Diff: https://reviews.apache.org/r/30723/diff/


Testing
-------

mvn clean test


Thanks,

Vitalyi Brodetskyi


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message