Review Request 33742: Kerberos: Password generator needs to generate passwords based on rules to satisfy password policy

[Robert Levas <rl...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/
-----------------------------------------------------------

Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.


Bugs: AMBARI-10018
    https://issues.apache.org/jira/browse/AMBARI-10018


Repository: ambari


Description
-------

The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters. 

In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met. 

The following rules should be settable:
+ Length
+ Minimum number of lowercase letters (`a-z`)
+ Minimum number of uppercase letters (`A-Z`)
+ Minimum number of digits (`0-9`)
+ Minimum number of punctuation characters (`?.!$%^*()-_+=~`)


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b 
  ambari-web/app/data/HDP2/site_properties.js a35104e 

Diff: https://reviews.apache.org/r/33742/diff/


Testing
-------

Manual testing

**Jenkins test results: PENDING**


Thanks,

Robert Levas

Re: Review Request 33742: Kerberos: Password generator needs to generate passwords based on rules to satisfy password policy

[Robert Levas <rl...@hortonworks.com>]

> On May 4, 2015, 5:04 a.m., Emil Anca wrote:
> > ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java, line 276
> > <https://reviews.apache.org/r/33742/diff/1/?file=947002#file947002line276>
> >
> >     Isn't this a feature we might reuse? If so we could provide a generically decribed interface with #createSecurePassword and have the Kerb Oper Handler implement it to expose reuseable functionality such as pass generation (or other features) to the non-kerberos code. Just a thought;

I agree that a generic password generation service might be useful... but it should be moved from the Kerberos logic to a separate entry point in the API. That said, the current API strucutre doesn't lend itself to RPC calls like this (meaning a password is not a resource that can be created, updated, retrueved and destroyed - well it can be created).  

However, let me investigate moving this code out to a more generic location in the code and maybe in the future we can add a password generation service via the API.


- Robert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/#review82362
-----------------------------------------------------------


On April 30, 2015, 9:02 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33742/
> -----------------------------------------------------------
> 
> (Updated April 30, 2015, 9:02 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-10018
>     https://issues.apache.org/jira/browse/AMBARI-10018
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters. 
> 
> In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met. 
> 
> The following rules should be settable:
> + Length
> + Minimum number of lowercase letters (`a-z`)
> + Minimum number of uppercase letters (`A-Z`)
> + Minimum number of digits (`0-9`)
> + Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b 
>   ambari-web/app/data/HDP2/site_properties.js a35104e 
> 
> Diff: https://reviews.apache.org/r/33742/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> **Jenkins test results: PENDING**
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 33742: Kerberos: Password generator needs to generate passwords based on rules to satisfy password policy

[Emil Anca <ea...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/#review82362
-----------------------------------------------------------

Ship it!



ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java
<https://reviews.apache.org/r/33742/#comment133096>

    Isn't this a feature we might reuse? If so we could provide a generically decribed interface with #createSecurePassword and have the Kerb Oper Handler implement it to expose reuseable functionality such as pass generation (or other features) to the non-kerberos code. Just a thought;


- Emil Anca


On May 1, 2015, 1:02 a.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33742/
> -----------------------------------------------------------
> 
> (Updated May 1, 2015, 1:02 a.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-10018
>     https://issues.apache.org/jira/browse/AMBARI-10018
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters. 
> 
> In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met. 
> 
> The following rules should be settable:
> + Length
> + Minimum number of lowercase letters (`a-z`)
> + Minimum number of uppercase letters (`A-Z`)
> + Minimum number of digits (`0-9`)
> + Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b 
>   ambari-web/app/data/HDP2/site_properties.js a35104e 
> 
> Diff: https://reviews.apache.org/r/33742/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> **Jenkins test results: PENDING**
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 33742: Kerberos: Password generator needs to generate passwords based on rules to satisfy password policy

[Robert Nettleton <rn...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/#review82834
-----------------------------------------------------------

Ship it!


Ship It!

- Robert Nettleton


On May 6, 2015, 8:40 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33742/
> -----------------------------------------------------------
> 
> (Updated May 6, 2015, 8:40 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-10018
>     https://issues.apache.org/jira/browse/AMBARI-10018
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters. 
> 
> In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met. 
> 
> The following rules should be settable:
> + Length
> + Minimum number of lowercase letters (`a-z`)
> + Minimum number of uppercase letters (`A-Z`)
> + Minimum number of digits (`0-9`)
> + Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/security/SecurePasswordHelper.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java 52ac8ac 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675 
>   ambari-server/src/test/java/org/apache/ambari/server/security/SecurePasswordHelperTest.java PRE-CREATION 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java d833c35 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b 
>   ambari-web/app/data/HDP2/site_properties.js ae6051f 
> 
> Diff: https://reviews.apache.org/r/33742/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> #Jenkins test results:#
> 
> Tests run: 2949, Failures: 0, Errors: 0, Skipped: 17
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:26 h
> [INFO] Finished at: 2015-05-06T20:35:46+00:00
> [INFO] Final Memory: 46M/530M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 33742: Kerberos: Password generator needs to generate passwords based on rules to satisfy password policy

[Emil Anca <ea...@hortonworks.com>]

> On May 7, 2015, 8:52 a.m., Emil Anca wrote:
> > Ship It!

Nice one Rob.. (the reusable ambari security password generator resource)
Looks good.


- Emil


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/#review82811
-----------------------------------------------------------


On May 6, 2015, 8:40 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33742/
> -----------------------------------------------------------
> 
> (Updated May 6, 2015, 8:40 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-10018
>     https://issues.apache.org/jira/browse/AMBARI-10018
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters. 
> 
> In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met. 
> 
> The following rules should be settable:
> + Length
> + Minimum number of lowercase letters (`a-z`)
> + Minimum number of uppercase letters (`A-Z`)
> + Minimum number of digits (`0-9`)
> + Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/security/SecurePasswordHelper.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java 52ac8ac 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675 
>   ambari-server/src/test/java/org/apache/ambari/server/security/SecurePasswordHelperTest.java PRE-CREATION 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java d833c35 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b 
>   ambari-web/app/data/HDP2/site_properties.js ae6051f 
> 
> Diff: https://reviews.apache.org/r/33742/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> #Jenkins test results:#
> 
> Tests run: 2949, Failures: 0, Errors: 0, Skipped: 17
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:26 h
> [INFO] Finished at: 2015-05-06T20:35:46+00:00
> [INFO] Final Memory: 46M/530M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 33742: Kerberos: Password generator needs to generate passwords based on rules to satisfy password policy

[Emil Anca <ea...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/#review82811
-----------------------------------------------------------

Ship it!


Ship It!

- Emil Anca


On May 6, 2015, 8:40 p.m., Robert Levas wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/33742/
> -----------------------------------------------------------
> 
> (Updated May 6, 2015, 8:40 p.m.)
> 
> 
> Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.
> 
> 
> Bugs: AMBARI-10018
>     https://issues.apache.org/jira/browse/AMBARI-10018
> 
> 
> Repository: ambari
> 
> 
> Description
> -------
> 
> The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters. 
> 
> In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met. 
> 
> The following rules should be settable:
> + Length
> + Minimum number of lowercase letters (`a-z`)
> + Minimum number of uppercase letters (`A-Z`)
> + Minimum number of digits (`0-9`)
> + Minimum number of punctuation characters (`?.!$%^*()-_+=~`)
> 
> 
> Diffs
> -----
> 
>   ambari-server/src/main/java/org/apache/ambari/server/security/SecurePasswordHelper.java PRE-CREATION 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java 52ac8ac 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf 
>   ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12 
>   ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675 
>   ambari-server/src/test/java/org/apache/ambari/server/security/SecurePasswordHelperTest.java PRE-CREATION 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java d833c35 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7 
>   ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b 
>   ambari-web/app/data/HDP2/site_properties.js ae6051f 
> 
> Diff: https://reviews.apache.org/r/33742/diff/
> 
> 
> Testing
> -------
> 
> Manual testing
> 
> #Jenkins test results:#
> 
> Tests run: 2949, Failures: 0, Errors: 0, Skipped: 17
> 
> [INFO] ------------------------------------------------------------------------
> [INFO] BUILD SUCCESS
> [INFO] ------------------------------------------------------------------------
> [INFO] Total time: 01:26 h
> [INFO] Finished at: 2015-05-06T20:35:46+00:00
> [INFO] Final Memory: 46M/530M
> [INFO] ------------------------------------------------------------------------
> 
> 
> Thanks,
> 
> Robert Levas
> 
>

Re: Review Request 33742: Kerberos: Password generator needs to generate passwords based on rules to satisfy password policy

[Robert Levas <rl...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/
-----------------------------------------------------------

(Updated May 6, 2015, 4:40 p.m.)


Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.


Bugs: AMBARI-10018
    https://issues.apache.org/jira/browse/AMBARI-10018


Repository: ambari


Description
-------

The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters. 

In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met. 

The following rules should be settable:
+ Length
+ Minimum number of lowercase letters (`a-z`)
+ Minimum number of uppercase letters (`A-Z`)
+ Minimum number of digits (`0-9`)
+ Minimum number of punctuation characters (`?.!$%^*()-_+=~`)


Diffs
-----

  ambari-server/src/main/java/org/apache/ambari/server/security/SecurePasswordHelper.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java 52ac8ac 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675 
  ambari-server/src/test/java/org/apache/ambari/server/security/SecurePasswordHelperTest.java PRE-CREATION 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java d833c35 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b 
  ambari-web/app/data/HDP2/site_properties.js ae6051f 

Diff: https://reviews.apache.org/r/33742/diff/


Testing (updated)
-------

Manual testing

#Jenkins test results:#

Tests run: 2949, Failures: 0, Errors: 0, Skipped: 17

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 01:26 h
[INFO] Finished at: 2015-05-06T20:35:46+00:00
[INFO] Final Memory: 46M/530M
[INFO] ------------------------------------------------------------------------


Thanks,

Robert Levas

Re: Review Request 33742: Kerberos: Password generator needs to generate passwords based on rules to satisfy password policy

[Robert Levas <rl...@hortonworks.com>]

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/33742/
-----------------------------------------------------------

(Updated May 6, 2015, 2:25 p.m.)


Review request for Ambari, Emil Anca, Jaimin Jetly, Robert Nettleton, and Yusaku Sako.


Changes
-------

Moved secure password generation code to a separate class (`org.apache.ambari.server.security.SecurePasswordHelper`)


Bugs: AMBARI-10018
    https://issues.apache.org/jira/browse/AMBARI-10018


Repository: ambari


Description
-------

The password generator used to generate passwords for identities needs to generate passwords based on a rule set rather than just a random sequence of characters. 

In a KDC (MIT or Active Directory), there may be a policy in place requiring a certain characteristics for the password. By creating a password consisting if 18 characters pulled randomly from `abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890?.!$%^*()-_+=~`, there is no guarantee that any specific policy will be met. 

The following rules should be settable:
+ Length
+ Minimum number of lowercase letters (`a-z`)
+ Minimum number of uppercase letters (`A-Z`)
+ Minimum number of digits (`0-9`)
+ Minimum number of punctuation characters (`?.!$%^*()-_+=~`)


Diffs (updated)
-----

  ambari-server/src/main/java/org/apache/ambari/server/security/SecurePasswordHelper.java PRE-CREATION 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CleanupServerAction.java 52ac8ac 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreateKeytabFilesServerAction.java f48c4cf 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/CreatePrincipalsServerAction.java 13fb49b 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/DestroyPrincipalsServerAction.java a215a56 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/FinalizeKerberosServerAction.java 4925582 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandler.java ed31ccf 
  ambari-server/src/main/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerAction.java a92fb12 
  ambari-server/src/main/resources/common-services/KERBEROS/1.10.3-10/configuration/kerberos-env.xml 682d675 
  ambari-server/src/test/java/org/apache/ambari/server/security/SecurePasswordHelperTest.java PRE-CREATION 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/ADKerberosOperationHandlerTest.java d833c35 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosOperationHandlerTest.java 07094a7 
  ambari-server/src/test/java/org/apache/ambari/server/serveraction/kerberos/KerberosServerActionTest.java 336090b 
  ambari-web/app/data/HDP2/site_properties.js ae6051f 

Diff: https://reviews.apache.org/r/33742/diff/


Testing
-------

Manual testing

**Jenkins test results: PENDING**


Thanks,

Robert Levas