You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ambari.apache.org by Robert Levas <rl...@hortonworks.com> on 2015/05/01 03:02:14 UTC
Review Request 33742: Kerberos: Password generator needs to generate
passwords based on rules to satisfy password policy
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/
-----------------------------------------------------------
Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
Bugs: AMBARI-10018
https://issues.apache.org/jira/browse/AMBARI-10018
Repository: ambari
Description
-------
The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters.
In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met.
The following rules should be settable:
+ Length
+ Minimum number of lowercase letters (`a-z`)
+ Minimum number of uppercase letters (`A-Z`)
+ Minimum number of digits (`0-9`)
+ Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b
ambari-web/app/data/HDP2/site_properties.js a35104e
Diff: https://reviews.apache.org/r/33742/diff/
Testing
-------
Manual testing
**Jenkins test results: PENDING**
Thanks,
Robert Levas
Re: Review Request 33742: Kerberos: Password generator needs to
generate passwords based on rules to satisfy password policy
Posted by Robert Levas <rl...@hortonworks.com>.
> On May 4, 2015, 5:04 a.m., Emil Anca wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java, line 276
> > <https://reviews.apache.org/r/33742/diff/1/?file=947002#file947002line276>
> >
> > Isn't this a feature we might reuse? If so we could provide a generically decribed interface with #createSecurePassword and have the Kerb Oper Handler implement it to expose reuseable functionality such as pass generation (or other features) to the non-kerberos code. Just a thought;
I agree that a generic password generation service might be useful... but it should be moved from the Kerberos logic to a separate entry point in the API. That said, the current API strucutre doesn't lend itself to RPC calls like this (meaning a password is not a resource that can be created, updated, retrueved and destroyed - well it can be created).
However, let me investigate moving this code out to a more generic location in the code and maybe in the future we can add a password generation service via the API.
- Robert
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/#review82362
-----------------------------------------------------------
On April 30, 2015, 9:02 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33742/
> -----------------------------------------------------------
>
> (Updated April 30, 2015, 9:02 p.m.)
>
>
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
>
>
> Bugs: AMBARI-10018
> https://issues.apache.org/jira/browse/AMBARI-10018
>
>
> Repository: ambari
>
>
> Description
> -------
>
> The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters.
>
> In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met.
>
> The following rules should be settable:
> + Length
> + Minimum number of lowercase letters (`a-z`)
> + Minimum number of uppercase letters (`A-Z`)
> + Minimum number of digits (`0-9`)
> + Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b
> ambari-web/app/data/HDP2/site_properties.js a35104e
>
> Diff: https://reviews.apache.org/r/33742/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> **Jenkins test results: PENDING**
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 33742: Kerberos: Password generator needs to
generate passwords based on rules to satisfy password policy
Posted by Emil Anca <ea...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/#review82362
-----------------------------------------------------------
Ship it!
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
<https://reviews.apache.org/r/33742/#comment133096>
Isn't this a feature we might reuse? If so we could provide a generically decribed interface with #createSecurePassword and have the Kerb Oper Handler implement it to expose reuseable functionality such as pass generation (or other features) to the non-kerberos code. Just a thought;
- Emil Anca
On May 1, 2015, 1:02 a.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33742/
> -----------------------------------------------------------
>
> (Updated May 1, 2015, 1:02 a.m.)
>
>
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
>
>
> Bugs: AMBARI-10018
> https://issues.apache.org/jira/browse/AMBARI-10018
>
>
> Repository: ambari
>
>
> Description
> -------
>
> The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters.
>
> In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met.
>
> The following rules should be settable:
> + Length
> + Minimum number of lowercase letters (`a-z`)
> + Minimum number of uppercase letters (`A-Z`)
> + Minimum number of digits (`0-9`)
> + Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b
> ambari-web/app/data/HDP2/site_properties.js a35104e
>
> Diff: https://reviews.apache.org/r/33742/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> **Jenkins test results: PENDING**
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 33742: Kerberos: Password generator needs to
generate passwords based on rules to satisfy password policy
Posted by Robert Nettleton <rn...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/#review82834
-----------------------------------------------------------
Ship it!
Ship It!
- Robert Nettleton
On May 6, 2015, 8:40 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33742/
> -----------------------------------------------------------
>
> (Updated May 6, 2015, 8:40 p.m.)
>
>
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
>
>
> Bugs: AMBARI-10018
> https://issues.apache.org/jira/browse/AMBARI-10018
>
>
> Repository: ambari
>
>
> Description
> -------
>
> The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters.
>
> In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met.
>
> The following rules should be settable:
> + Length
> + Minimum number of lowercase letters (`a-z`)
> + Minimum number of uppercase letters (`A-Z`)
> + Minimum number of digits (`0-9`)
> + Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/SecurePasswordHelper.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java 52ac8ac
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675
> ambari-server/src/test/java/org/apache/ambari/server/security/SecurePasswordHelperTest.java PRE-CREATION
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java d833c35
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b
> ambari-web/app/data/HDP2/site_properties.js ae6051f
>
> Diff: https://reviews.apache.org/r/33742/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> #Jenkins test results:#
>
> Tests run: 2949, Failures: 0, Errors: 0, Skipped: 17
>
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:26 h
> [INFO] Finished at: 2015-05-06T20:35:46+00:00
> [INFO] Final Memory: 46M/530M
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 33742: Kerberos: Password generator needs to
generate passwords based on rules to satisfy password policy
Posted by Emil Anca <ea...@hortonworks.com>.
> On May 7, 2015, 8:52 a.m., Emil Anca wrote:
> > Ship It!
Nice one Rob.. (the reusable ambari security password generator resource)
Looks good.
- Emil
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/#review82811
-----------------------------------------------------------
On May 6, 2015, 8:40 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33742/
> -----------------------------------------------------------
>
> (Updated May 6, 2015, 8:40 p.m.)
>
>
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
>
>
> Bugs: AMBARI-10018
> https://issues.apache.org/jira/browse/AMBARI-10018
>
>
> Repository: ambari
>
>
> Description
> -------
>
> The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters.
>
> In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met.
>
> The following rules should be settable:
> + Length
> + Minimum number of lowercase letters (`a-z`)
> + Minimum number of uppercase letters (`A-Z`)
> + Minimum number of digits (`0-9`)
> + Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/SecurePasswordHelper.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java 52ac8ac
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675
> ambari-server/src/test/java/org/apache/ambari/server/security/SecurePasswordHelperTest.java PRE-CREATION
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java d833c35
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b
> ambari-web/app/data/HDP2/site_properties.js ae6051f
>
> Diff: https://reviews.apache.org/r/33742/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> #Jenkins test results:#
>
> Tests run: 2949, Failures: 0, Errors: 0, Skipped: 17
>
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:26 h
> [INFO] Finished at: 2015-05-06T20:35:46+00:00
> [INFO] Final Memory: 46M/530M
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 33742: Kerberos: Password generator needs to
generate passwords based on rules to satisfy password policy
Posted by Emil Anca <ea...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/#review82811
-----------------------------------------------------------
Ship it!
Ship It!
- Emil Anca
On May 6, 2015, 8:40 p.m., Robert Levas wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33742/
> -----------------------------------------------------------
>
> (Updated May 6, 2015, 8:40 p.m.)
>
>
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
>
>
> Bugs: AMBARI-10018
> https://issues.apache.org/jira/browse/AMBARI-10018
>
>
> Repository: ambari
>
>
> Description
> -------
>
> The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters.
>
> In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met.
>
> The following rules should be settable:
> + Length
> + Minimum number of lowercase letters (`a-z`)
> + Minimum number of uppercase letters (`A-Z`)
> + Minimum number of digits (`0-9`)
> + Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
>
>
> Diffs
> -----
>
> ambari-server/src/main/java/org/apache/ambari/server/security/SecurePasswordHelper.java PRE-CREATION
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java 52ac8ac
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf
> ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12
> ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675
> ambari-server/src/test/java/org/apache/ambari/server/security/SecurePasswordHelperTest.java PRE-CREATION
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java d833c35
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7
> ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b
> ambari-web/app/data/HDP2/site_properties.js ae6051f
>
> Diff: https://reviews.apache.org/r/33742/diff/
>
>
> Testing
> -------
>
> Manual testing
>
> #Jenkins test results:#
>
> Tests run: 2949, Failures: 0, Errors: 0, Skipped: 17
>
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:26 h
> [INFO] Finished at: 2015-05-06T20:35:46+00:00
> [INFO] Final Memory: 46M/530M
> [INFO] ------------------------------------------------------------------------
>
>
> Thanks,
>
> Robert Levas
>
>
Re: Review Request 33742: Kerberos: Password generator needs to
generate passwords based on rules to satisfy password policy
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/
-----------------------------------------------------------
(Updated May 6, 2015, 4:40 p.m.)
Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
Bugs: AMBARI-10018
https://issues.apache.org/jira/browse/AMBARI-10018
Repository: ambari
Description
-------
The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters.
In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met.
The following rules should be settable:
+ Length
+ Minimum number of lowercase letters (`a-z`)
+ Minimum number of uppercase letters (`A-Z`)
+ Minimum number of digits (`0-9`)
+ Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
Diffs
-----
ambari-server/src/main/java/org/apache/ambari/server/security/SecurePasswordHelper.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java 52ac8ac
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675
ambari-server/src/test/java/org/apache/ambari/server/security/SecurePasswordHelperTest.java PRE-CREATION
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java d833c35
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b
ambari-web/app/data/HDP2/site_properties.js ae6051f
Diff: https://reviews.apache.org/r/33742/diff/
Testing (updated)
-------
Manual testing
#Jenkins test results:#
Tests run: 2949, Failures: 0, Errors: 0, Skipped: 17
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:26 h
[INFO] Finished at: 2015-05-06T20:35:46+00:00
[INFO] Final Memory: 46M/530M
[INFO] ------------------------------------------------------------------------
Thanks,
Robert Levas
Re: Review Request 33742: Kerberos: Password generator needs to
generate passwords based on rules to satisfy password policy
Posted by Robert Levas <rl...@hortonworks.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/
-----------------------------------------------------------
(Updated May 6, 2015, 2:25 p.m.)
Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
Changes
-------
Moved secure password generation code to a separate class (`org.apache.ambari.server.security.SecurePasswordHelper`)
Bugs: AMBARI-10018
https://issues.apache.org/jira/browse/AMBARI-10018
Repository: ambari
Description
-------
The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters.
In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met.
The following rules should be settable:
+ Length
+ Minimum number of lowercase letters (`a-z`)
+ Minimum number of uppercase letters (`A-Z`)
+ Minimum number of digits (`0-9`)
+ Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
Diffs (updated)
-----
ambari-server/src/main/java/org/apache/ambari/server/security/SecurePasswordHelper.java PRE-CREATION
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java 52ac8ac
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf
ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12
ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675
ambari-server/src/test/java/org/apache/ambari/server/security/SecurePasswordHelperTest.java PRE-CREATION
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java d833c35
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7
ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b
ambari-web/app/data/HDP2/site_properties.js ae6051f
Diff: https://reviews.apache.org/r/33742/diff/
Testing
-------
Manual testing
**Jenkins test results: PENDING**
Thanks,
Robert Levas