ranger-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sneet...@apache.org
Subject [01/10] incubator-ranger git commit: RANGER-518 : Disable SHA256 hashing of password to test rolling downgrade of ranger admin
Date Wed, 03 Jun 2015 10:28:48 GMT
Repository: incubator-ranger
Updated Branches:
  refs/heads/ranger-0.5 681e1ef5c -> 866c01aae


RANGER-518 : Disable SHA256 hashing of password to test rolling downgrade of ranger admin

Signed-off-by: sneethiraj <sneethir@apache.org>


Project: http://git-wip-us.apache.org/repos/asf/incubator-ranger/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-ranger/commit/144c2153
Tree: http://git-wip-us.apache.org/repos/asf/incubator-ranger/tree/144c2153
Diff: http://git-wip-us.apache.org/repos/asf/incubator-ranger/diff/144c2153

Branch: refs/heads/ranger-0.5
Commit: 144c2153b7379761a0531d822013460962d55a9f
Parents: 681e1ef
Author: Gautam Borad <gborad@gmail.com>
Authored: Mon Jun 1 14:14:50 2015 +0530
Committer: sneethiraj <sneethir@apache.org>
Committed: Mon Jun 1 11:58:00 2015 -0400

----------------------------------------------------------------------
 kms/scripts/db_setup.py                                  |  8 ++++----
 kms/scripts/dba_script.py                                |  8 ++++----
 security-admin/scripts/db_setup.py                       |  8 ++++----
 security-admin/scripts/dba_script.py                     |  8 ++++----
 security-admin/src/bin/ranger_install.py                 | 10 +++++-----
 .../src/main/java/org/apache/ranger/biz/UserMgr.java     |  9 ++++++++-
 .../java/org/apache/ranger/common/PropertiesUtil.java    | 11 +++++++++++
 .../security/handler/RangerAuthenticationProvider.java   |  5 ++++-
 .../resources/conf.dist/ranger-admin-default-site.xml    |  5 +++++
 9 files changed, 49 insertions(+), 23 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/kms/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/kms/scripts/db_setup.py b/kms/scripts/db_setup.py
index e7aa9a1..fd10f4e 100644
--- a/kms/scripts/db_setup.py
+++ b/kms/scripts/db_setup.py
@@ -277,9 +277,9 @@ class PostgresConf(BaseDB):
 		path = RANGER_KMS_HOME
 		self.JAVA_BIN = self.JAVA_BIN.strip("'")
 		if os_name == "LINUX":
-			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path,self.host, db_name, user, password)
+			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path,self.host, db_name, user, password)
 		elif os_name == "WINDOWS":
-			jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path, self.host, db_name, user, password)
+			jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path, self.host, db_name, user, password)
 		return jisql_cmd
 
 	def check_connection(self, db_name, db_user, db_password):
@@ -347,9 +347,9 @@ class SqlServerConf(BaseDB):
 		path = RANGER_KMS_HOME
 		self.JAVA_BIN = self.JAVA_BIN.strip("'")
 		if os_name == "LINUX":
-			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s
-driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR,path, user, password, self.host,db_name)
+			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s
-driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR,path, user, password, self.host,db_name)
 		elif os_name == "WINDOWS":
-			jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password
%s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+			jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password
%s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
 		return jisql_cmd
 
 	def check_connection(self, db_name, db_user, db_password):

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/kms/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/kms/scripts/dba_script.py b/kms/scripts/dba_script.py
index f2f3650..2a3d5d7 100644
--- a/kms/scripts/dba_script.py
+++ b/kms/scripts/dba_script.py
@@ -524,9 +524,9 @@ class PostgresConf(BaseDB):
 		path = RANGER_KMS_HOME
 		self.JAVA_BIN = self.JAVA_BIN.strip("'")
 		if os_name == "LINUX":
-			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path,self.host, db_name, user, password)
+			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path,self.host, db_name, user, password)
 		elif os_name == "WINDOWS":
-			jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path, self.host, db_name, user, password)
+			jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path, self.host, db_name, user, password)
 		return jisql_cmd
 
 	def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -721,9 +721,9 @@ class SqlServerConf(BaseDB):
 		path = RANGER_KMS_HOME
 		self.JAVA_BIN = self.JAVA_BIN.strip("'")
 		if os_name == "LINUX":
-			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s
-driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
+			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s
-driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
 		elif os_name == "WINDOWS":
-			jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password
%s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+			jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password
%s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
 		return jisql_cmd
 
 	def verify_user(self, root_user, db_root_password, db_user,dryMode):

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/scripts/db_setup.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/db_setup.py b/security-admin/scripts/db_setup.py
index 52ddeb1..67f2a43 100644
--- a/security-admin/scripts/db_setup.py
+++ b/security-admin/scripts/db_setup.py
@@ -664,9 +664,9 @@ class PostgresConf(BaseDB):
 		path = RANGER_ADMIN_HOME
 		self.JAVA_BIN = self.JAVA_BIN.strip("'")
 		if os_name == "LINUX":
-			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path, self.host, db_name, user, password)
+			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path, self.host, db_name, user, password)
 		elif os_name == "WINDOWS":
-			jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path, self.host, db_name, user, password)
+			jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path, self.host, db_name, user, password)
 		return jisql_cmd
 
 	def check_connection(self, db_name, db_user, db_password):
@@ -912,9 +912,9 @@ class SqlServerConf(BaseDB):
 		path = RANGER_ADMIN_HOME
 		self.JAVA_BIN = self.JAVA_BIN.strip("'")
 		if os_name == "LINUX":
-			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s
-driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s
-driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
 		elif os_name == "WINDOWS":
-			jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password
%s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+			jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password
%s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
 		return jisql_cmd
 
 	def check_connection(self, db_name, db_user, db_password):

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/scripts/dba_script.py
----------------------------------------------------------------------
diff --git a/security-admin/scripts/dba_script.py b/security-admin/scripts/dba_script.py
index bf2a780..a3737ed 100644
--- a/security-admin/scripts/dba_script.py
+++ b/security-admin/scripts/dba_script.py
@@ -699,9 +699,9 @@ class PostgresConf(BaseDB):
 		path = RANGER_ADMIN_HOME
 		self.JAVA_BIN = self.JAVA_BIN.strip("'")
 		if os_name == "LINUX":
-			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path,
self.host, db_name, user, password)
+			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim -c \;" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,path,
self.host, db_name, user, password)
 		elif os_name == "WINDOWS":
-			jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s:5432/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path, self.host, db_name, user, password)
+			jisql_cmd = "%s -cp %s;%s\jisql\\lib\\* org.apache.util.sql.Jisql -driver postgresql -cstring
jdbc:postgresql://%s/%s -u %s -p %s -noheader -trim" %(self.JAVA_BIN, self.SQL_CONNECTOR_JAR,
path, self.host, db_name, user, password)
 		return jisql_cmd
 
 	def verify_user(self, root_user, db_root_password, db_user,dryMode):
@@ -906,9 +906,9 @@ class SqlServerConf(BaseDB):
 		path = RANGER_ADMIN_HOME
 		self.JAVA_BIN = self.JAVA_BIN.strip("'")
 		if os_name == "LINUX":
-			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s
-driver mssql -cstring jdbc:sqlserver://%s:1433\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
+			jisql_cmd = "%s -cp %s:%s/jisql/lib/* org.apache.util.sql.Jisql -user %s -password %s
-driver mssql -cstring jdbc:sqlserver://%s\\;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path,user, password, self.host,db_name)
 		elif os_name == "WINDOWS":
-			jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password
%s -driver mssql -cstring jdbc:sqlserver://%s:1433;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
+			jisql_cmd = "%s -cp %s;%s\\jisql\\lib\\* org.apache.util.sql.Jisql -user %s -password
%s -driver mssql -cstring jdbc:sqlserver://%s;databaseName=%s -noheader -trim"%(self.JAVA_BIN,
self.SQL_CONNECTOR_JAR, path, user, password, self.host,db_name)
 		return jisql_cmd
 
 	def verify_user(self, root_user, db_root_password, db_user,dryMode):

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/src/bin/ranger_install.py
----------------------------------------------------------------------
diff --git a/security-admin/src/bin/ranger_install.py b/security-admin/src/bin/ranger_install.py
index d961b55..42142fe 100644
--- a/security-admin/src/bin/ranger_install.py
+++ b/security-admin/src/bin/ranger_install.py
@@ -292,7 +292,7 @@ def init_variables(switch):
                 conf_dict['SQL_CONNECTOR_JAR'] = os.path.join(dir,filename)
 				
                     				
-    conf_dict['db_host']=os.getenv("RANGER_ADMIN_DB_HOST")
+    conf_dict['db_host']=os.getenv("RANGER_ADMIN_DB_HOST") + ":" + os.getenv("RANGER_ADMIN_DB_PORT")
     conf_dict['db_name']=os.getenv("RANGER_ADMIN_DB_DBNAME")
     conf_dict['db_user']=os.getenv("RANGER_ADMIN_DB_USERNAME")
     conf_dict['db_password']=os.getenv("RANGER_ADMIN_DB_PASSWORD")
@@ -737,7 +737,7 @@ def update_properties():
     log("SQL_HOST is : " + MYSQL_HOST,"debug")
     if RANGER_DB_FLAVOR == "MYSQL":
             propertyName="ranger.jpa.jdbc.url"
-            newPropertyValue="jdbc:log4jdbc:mysql://" + MYSQL_HOST + ":RANGER_ADMIN_DB_PORT/"
+ db_name
+            newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST ,RANGER_ADMIN_DB_PORT,
db_name)
             updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
             propertyName="ranger.jpa.jdbc.user"
@@ -749,7 +749,7 @@ def update_properties():
             updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 		
             propertyName="ranger.jpa.audit.jdbc.url"
-            newPropertyValue="jdbc:log4jdbc:mysql://"+MYSQL_HOST+":RANGER_AUDIT_DB_PORT/"+audit_db_name
+            newPropertyValue="jdbc:log4jdbc:mysql://%s:%s/%s" %(MYSQL_HOST, RANGER_AUDIT_DB_PORT,
audit_db_name)
             updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
             propertyName="ranger.jpa.jdbc.dialect"
@@ -837,7 +837,7 @@ def update_properties():
 
     elif RANGER_DB_FLAVOR == "MSSQL":
         propertyName="ranger.jpa.jdbc.url"
-        newPropertyValue="jdbc:sqlserver://%s;databaseName=%s" %(MYSQL_HOST, db_name)
+        newPropertyValue="jdbc:sqlserver://%s:%s;databaseName=%s" %(MYSQL_HOST, RANGER_ADMIN_DB_PORT,
db_name)
         updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
         propertyName="ranger.jpa.jdbc.user"
@@ -849,7 +849,7 @@ def update_properties():
         updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 		
         propertyName="ranger.jpa.audit.jdbc.url"
-        newPropertyValue="jdbc:sqlserver://%s;databaseName=%s" % (MYSQL_HOST, audit_db_name)
+        newPropertyValue="jdbc:sqlserver://%s:%s;databaseName=%s" % (MYSQL_HOST, RANGER_AUDIT_DB_PORT,
audit_db_name)
         updatePropertyToFilePy(propertyName ,newPropertyValue ,to_file_ranger)
 
         propertyName="ranger.jpa.jdbc.dialect"

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
index f047d14..939ddc2 100644
--- a/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
+++ b/security-admin/src/main/java/org/apache/ranger/biz/UserMgr.java
@@ -33,6 +33,7 @@ import org.apache.ranger.common.ContextUtil;
 import org.apache.ranger.common.DateUtil;
 import org.apache.ranger.common.GUIDUtil;
 import org.apache.ranger.common.MessageEnums;
+import org.apache.ranger.common.PropertiesUtil;
 import org.apache.ranger.common.RESTErrorUtil;
 import org.apache.ranger.common.RangerCommonEnums;
 import org.apache.ranger.common.RangerConfigUtil;
@@ -1109,7 +1110,13 @@ public class UserMgr {
 	}
 
 	public String encrypt(String loginId, String password) {
-		String saltEncodedpasswd = sha256Encoder.encodePassword(password, loginId);
+		String sha256PasswordUpdateDisable=PropertiesUtil.getProperty("ranger.sha256Password.update.disable",
"false");
+		String saltEncodedpasswd="";
+		if("false".equalsIgnoreCase(sha256PasswordUpdateDisable)){
+			saltEncodedpasswd = sha256Encoder.encodePassword(password, loginId);
+		}else{
+			saltEncodedpasswd = md5Encoder.encodePassword(password, loginId);
+		}
 		return saltEncodedpasswd;
 	}
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
index 4044443..5229fe7 100644
--- a/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
+++ b/security-admin/src/main/java/org/apache/ranger/common/PropertiesUtil.java
@@ -152,6 +152,17 @@ public class PropertiesUtil extends PropertyPlaceholderConfigurer {
 			}
 		}
 	}
+	if(propertiesMap!=null){
+		String sha256PasswordUpdateDisable="false";
+		if(propertiesMap.containsKey("ranger.sha256Password.update.disable")){
+			sha256PasswordUpdateDisable=propertiesMap.get("ranger.sha256Password.update.disable");
+			if(sha256PasswordUpdateDisable==null || sha256PasswordUpdateDisable.trim().isEmpty()||
!"true".equalsIgnoreCase(sha256PasswordUpdateDisable)){
+				sha256PasswordUpdateDisable="false";
+			}
+		}
+		propertiesMap.put("ranger.sha256Password.update.disable", sha256PasswordUpdateDisable);
+		props.put("ranger.sha256Password.update.disable", sha256PasswordUpdateDisable);
+	}
 	super.processProperties(beanFactory, props);
     }
 

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
----------------------------------------------------------------------
diff --git a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
index ac522cc..1f1d957 100644
--- a/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
+++ b/security-admin/src/main/java/org/apache/ranger/security/handler/RangerAuthenticationProvider.java
@@ -82,6 +82,7 @@ public class RangerAuthenticationProvider implements AuthenticationProvider
{
 	@Override
 	public Authentication authenticate(Authentication authentication)
 			throws AuthenticationException {
+		String sha256PasswordUpdateDisable=PropertiesUtil.getProperty("ranger.sha256Password.update.disable",
"false");
 		if(rangerAuthenticationMethod==null){
 			rangerAuthenticationMethod="NONE";
 		}
@@ -144,7 +145,9 @@ public class RangerAuthenticationProvider implements AuthenticationProvider
{
 					throw e;
 				}
 				if(authentication!=null && authentication.isAuthenticated()){
-					userMgr.updatePasswordInSHA256(userName,userPassword);
+					if("false".equalsIgnoreCase(sha256PasswordUpdateDisable)){
+						userMgr.updatePasswordInSHA256(userName,userPassword);
+					}
 					return authentication;
 				}else{
 					return authentication;

http://git-wip-us.apache.org/repos/asf/incubator-ranger/blob/144c2153/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
----------------------------------------------------------------------
diff --git a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
index de0f8b1..580341b 100644
--- a/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
+++ b/security-admin/src/main/resources/conf.dist/ranger-admin-default-site.xml
@@ -436,4 +436,9 @@
 		<value>ranger.solr.password</value>
 		<description></description>
 	</property>
+	<property>
+		<name>ranger.sha256Password.update.disable</name>
+		<value>false</value>
+		<description></description>
+	</property>
 </configuration>


Mime
View raw message