You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kylin.apache.org by "Wu Xiang (JIRA)" <ji...@apache.org> on 2016/02/04 09:30:40 UTC

[jira] [Created] (KYLIN-1401) Passwords in kylin.properties should be enctrypted

Wu Xiang created KYLIN-1401:
-------------------------------

             Summary: Passwords in kylin.properties should be enctrypted
                 Key: KYLIN-1401
                 URL: https://issues.apache.org/jira/browse/KYLIN-1401
             Project: Kylin
          Issue Type: Bug
          Components: Client - CLI
    Affects Versions: v1.2
            Reporter: Wu Xiang
             Fix For: 1.2


When integrating LDAP authentication in Kylin, people might run into the following error message. One possible reason is that Kylin actually requires passwords in kylin.properties be encrypted.

{quote}
Invalid bean definition with name 'ldapSource' defined in class path resource \[kylinSecurity.xm\]: Input length must be multiple of 16 when decrypting with padded cipher
{quote}
Related code for passwords decryption is as follows:
{code:title=PasswordPlaceholderConfigurer.java|borderStyle=solid}
    protected String resolvePlaceholder(String placeholder, Properties props) {
        if (placeholder.toLowerCase().contains("password")) {
            return decrypt(props.getProperty(placeholder));
        } else {
            return props.getProperty(placeholder);
        }
    }
{code}

Related discussion in mailing list: [Link|http://mail-archives.apache.org/mod_mbox/kylin-user/201602.mbox/%3CCAJxfx2ANpe0rG1Vm1R_Sdh4XZuNP3FCswXmv1_xFUVSpdOkH_A%40mail.gmail.com%3E]


In this ticket, I would propose a CLI tool for password encryption for Kylin, and add related documentation in [How to Enable Security with LDAP and SSO|http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)