ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Levas" <rle...@hortonworks.com>
Subject Re: Review Request 30723: Kerberos: Keytab content is available through requests endpoint
Date Fri, 06 Feb 2015 15:24:19 GMT

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/30723/#review71438
-----------------------------------------------------------

Ship it!


Ship It!

- Robert Levas


On Feb. 6, 2015, 8:36 a.m., Vitalyi Brodetskyi wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/30723/
> -----------------------------------------------------------
> 
> (Updated Feb. 6, 2015, 8:36 a.m.)
> 
> 
> Review request for Ambari, Dmitro Lisnichenko and Robert Levas.
> 
> 
> Bugs: AMBARI-9512
>     https://issues.apache.org/jira/browse/AMBARI-9512
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> I seems like we can see the contents of keytabs generated via Ambari from the /api/v1/clusters/
> {clustername}
> /requests endpoint, which is also shown in the UI on the keytab tasks.
> This is a potential security risk, as anyone who has an Ambari account can access them
(including non-Admin, read-only users).
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/package/scripts/kerberos_common.py
b000c04 
>   ambari-server/src/test/python/stacks/2.2/KERBEROS/test_kerberos_client.py 3bda3f9 
>   ambari-server/src/test/python/stacks/utils/RMFTestCase.py 85e229a 
> 
> Diff: https://reviews.apache.org/r/30723/diff/
> 
> 
> Testing
> -------
> 
> mvn clean test
> 
> 
> Thanks,
> 
> Vitalyi Brodetskyi
> 
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message