ambari-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eron Wright (JIRA)" <>
Subject [jira] [Commented] (AMBARI-8734) Create a more secure way to obtain and handle KDC administrator credentials
Date Wed, 25 Feb 2015 06:44:04 GMT


Eron Wright  commented on AMBARI-8734:

Please consider these additional scenarios when designing admin credential storage.

# *Host maintenance* - Ambari makes a valiant effort to restore a host to working condition
whenever services are started on that host.  Today, Ambari is capable of restoring a host
after a complete wipe of its state.   For this to remain true for secure clusters, Ambari
must either store keytabs (to redeploy them when necessary), or be able to regenerate them
at any time.  Also keep in mind that the act of exporting a keytab invalidates any previously
exported keytab for a given principal.
# *Cluster expansion* - as hosts are added to an existing cluster, new principals must be
created accordingly.   
# *Role reassignment* - host-role assignment may change at any time, necessitating new principals.

> Create a more secure way to obtain and handle KDC administrator credentials
> ---------------------------------------------------------------------------
>                 Key: AMBARI-8734
>                 URL:
>             Project: Ambari
>          Issue Type: Improvement
>          Components: ambari-server
>    Affects Versions: 2.0.0
>            Reporter: Robert Levas
>            Assignee: Robert Levas
>              Labels: encryption, kdc_credentials, kerberos, security
>             Fix For: 2.1.0
> The current mechanism for obtaining and handling KDC administrator credentials is not
particularly secure thus allowing any knowledgeable user to potentally gain access to them.
> A new mechanism needs to be put in place to security store this data for at least the
duration of a HTTP session and potentially longer in the event Ambari allow for long-term
storage of this data. 
> Ideally any solution is generic enough to handle secure data of any type.

This message was sent by Atlassian JIRA

View raw message