Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 89E782009DC for ; Tue, 2 May 2017 11:05:14 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 88815160BAC; Tue, 2 May 2017 09:05:14 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id A933F160BA1 for ; Tue, 2 May 2017 11:05:13 +0200 (CEST) Received: (qmail 82928 invoked by uid 500); 2 May 2017 09:05:11 -0000 Mailing-List: contact issues-help@ambari.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ambari.apache.org Delivered-To: mailing list issues@ambari.apache.org Received: (qmail 82919 invoked by uid 99); 2 May 2017 09:05:11 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 02 May 2017 09:05:11 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 418F9192AA0 for ; Tue, 2 May 2017 09:05:11 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id hUcLwdsaT5sb for ; Tue, 2 May 2017 09:05:05 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id 2FBEA5FC4F for ; Tue, 2 May 2017 09:05:05 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 5EC87E08BB for ; Tue, 2 May 2017 09:05:04 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 17BDF21DE1 for ; Tue, 2 May 2017 09:05:04 +0000 (UTC) Date: Tue, 2 May 2017 09:05:04 +0000 (UTC) From: "Robert Levas (JIRA)" To: issues@ambari.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (AMBARI-20860) BE: Improve User Account Management MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Tue, 02 May 2017 09:05:14 -0000 [ https://issues.apache.org/jira/browse/AMBARI-20860?page=3Dcom.atlass= ian.jira.plugin.system.issuetabpanels:all-tabpanel ] Robert Levas updated AMBARI-20860: ---------------------------------- Description:=20 Update the backend for improved user management. =20 User management tables in the DB should be: *{{users}}* ||Name||Type||Description|| |user_id|INTEGER|Internal unique identifier| |principal_id|INTEGER|Foreign key from adminprincipal table| |user_name|VARCHAR|Unique, case-insensitive, login identifier expected to b= e used when logging into Ambari| |create_time|TIMESTAMP|Creation time for this account in Ambari| |active|BOOLEAN|Active/not active flag| |consecutive_failed_auth_attemps|INTEGER|The number a failed authorization = attempts since the last successful authentication| |active_widgets_layout|VARCHAR| | |display_name|VARCHAR|Cosmetic name value to show the user in user interfac= es| |local_username|VARCHAR|Case-sensitive username to use when impersonating u= ser in facilities like Ambari Views| * Primary Key: {{user_id * Foreign Key: {{principal_id}} -> {{adminprincipal.principal_id}} *{{user_authentication}}* ||Name||Type||Description|| |user_authentication_id|INTEGER|Primary key for this table| |user_id|INTEGER|Foreign key from users table| |authentication_type|VARCHAR|Type of authentication system - LOCAL, LDAP, = KERBEROS, JTW, PAM, etc... |authentication_key|VARCHAR|Type-specific key (or identifier): * LOCAL: the user's password (digest) * LDAP: the user=E2=80=99s distinguished name * KERBEROS: the user=E2=80=99s principal * etc...| |create_time|TIMESTAMP|Creation time of this record |update_time|TIMESTAMP|Update time for this record, can be used to enforce = password retention times| * Primary Key: {{user_authentication_id}} * Foreign Key: {{user_id}} -> {{users.user_id}} Java code needs to change accordingly. was: Update the backend for improved user management. =20 User management tables in the DB should be: *{{users}}* ||Name||Type||Description|| |user_id|INTEGER|Internal unique identifier| |principal_id|INTEGER|Foreign key from adminprincipal table| |user_name|VARCHAR|Unique, case-insensitive, login identifier expected to b= e used when logging into Ambari| |create_time|TIMESTAMP|Creation time for this account in Ambari| |active|BOOLEAN|Active/not active flag| |consecutive_failed_auth_attemps|INTEGER|The number a failed authorization = attempts since the last successful authentication| |active_widgets_layout|VARCHAR| | |display_name|VARCHAR|Cosmetic name value to show the user in user interfac= es| |local_username|VARCHAR|Case-sensitive username to use when impersonating u= ser in facilities like Ambari Views| * Primary Key: {{user_id * Foreign Key: {{principal_id}} -> {{adminprincipal.principal_id}} *{{user_authentication}}* ||Name||Type||Description|| |user_authentication_id|INTEGER|Primary key for this table| |user_id|INTEGER|Foreign key from users table| |type|VARCHAR|Type of authentication system - LOCAL, LDAP, KERBEROS, JTW, = PAM, etc... |key|VARCHAR|Type-specific key (or identifier): * LOCAL: the user's password (digest) * LDAP: the user=E2=80=99s distinguished name * KERBEROS: the user=E2=80=99s principal * etc...| |create_time|TIMESTAMP|Creation time of this record |update_time|TIMESTAMP|Update time for this record, can be used to enforce = password retention times| * Primary Key: {{user_authentication_id}} * Foreign Key: {{user_id}} -> {{users.user_id}} Java code needs to change accordingly. > BE: Improve User Account Management=09 > ------------------------------------ > > Key: AMBARI-20860 > URL: https://issues.apache.org/jira/browse/AMBARI-20860 > Project: Ambari > Issue Type: Task > Components: ambari-server > Affects Versions: 3.0.0 > Reporter: Robert Levas > Assignee: Robert Levas > Labels: authentication, security > Fix For: 3.0.0 > > > Update the backend for improved user management. =20 > User management tables in the DB should be: > *{{users}}* > ||Name||Type||Description|| > |user_id|INTEGER|Internal unique identifier| > |principal_id|INTEGER|Foreign key from adminprincipal table| > |user_name|VARCHAR|Unique, case-insensitive, login identifier expected to= be used when logging into Ambari| > |create_time|TIMESTAMP|Creation time for this account in Ambari| > |active|BOOLEAN|Active/not active flag| > |consecutive_failed_auth_attemps|INTEGER|The number a failed authorizatio= n attempts since the last successful authentication| > |active_widgets_layout|VARCHAR| | > |display_name|VARCHAR|Cosmetic name value to show the user in user interf= aces| > |local_username|VARCHAR|Case-sensitive username to use when impersonating= user in facilities like Ambari Views| > * Primary Key: {{user_id > * Foreign Key: {{principal_id}} -> {{adminprincipal.principal_id}} > *{{user_authentication}}* > ||Name||Type||Description|| > |user_authentication_id|INTEGER|Primary key for this table| > |user_id|INTEGER|Foreign key from users table| > |authentication_type|VARCHAR|Type of authentication system - LOCAL, LDAP,= KERBEROS, JTW, PAM, etc... > |authentication_key|VARCHAR|Type-specific key (or identifier): > * LOCAL: the user's password (digest) > * LDAP: the user=E2=80=99s distinguished name > * KERBEROS: the user=E2=80=99s principal > * etc...| > |create_time|TIMESTAMP|Creation time of this record > |update_time|TIMESTAMP|Update time for this record, can be used to enforc= e password retention times| > * Primary Key: {{user_authentication_id}} > * Foreign Key: {{user_id}} -> {{users.user_id}} > Java code needs to change accordingly. -- This message was sent by Atlassian JIRA (v6.3.15#6346)