You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geode.apache.org by Jinmei Liao <ji...@pivotal.io> on 2016/09/23 17:48:34 UTC

security properties in the cluster config

Hi, All,

I am working on this ticket:
https://issues.apache.org/jira/browse/GEODE-1659. Basically, currently, any
member(locator or server) needs to specify its own security-manager in
order to protect its data which could leads to misconfiguration and data
leak. So we would like to put it into the cluster configuration so any
member who wants to join the cluster will need to apply the same security
measures.

Now Here is my question, should we only put the "security-manager" and
"security-post-processor" in the cluster config or any "security-*"
settings, which include SSL settings as well.

Thanks!

-- 
Cheers

Jinmei

Re: security properties in the cluster config

Posted by Bruce Schuchardt <bs...@pivotal.io>.

Okay, so that won't work for any communications settings.  They all need to
be in place long before a Cache is built and cluster configuration
information is available.

On Tue, Sep 27, 2016 at 4:56 PM, Jinmei Liao <ji...@pivotal.io> wrote:

> By "putting a property in the cluster config", I meant this property will
> be passed down to the joining members if enable-cluster-configuration is
> set true in the locator and use-cluster-configuration is true in the
> member. This is what we are doing for security-manager and
> security-post-processor. You still specify those properties in your normal
> properties file.
>
> On Tue, Sep 27, 2016 at 4:47 PM, Bruce Schuchardt <bs...@pivotal.io>
> wrote:
>
> > Isn't cluster-configuration optional?  If I restart a locator and it
> > doesn't have a persistent cluster configuration it is going to need to
> know
> > the DH algorithm in order to communicate with other members and join the
> > system.
> >
> > If it's going to stop being optional then I think we could conceivably
> > move this setting to the cluster-configuration.  It might be odd to have
> > that in cluster-config and SSL settings in the properties file though.
> > Both concern secure communications.
> >
> >
> > Le 9/27/2016 à 4:30 PM, Jinmei Liao a écrit :
> >
> >> for "security-udp-dhalgo" property, If "Each member needs to define this
> >> property with the same algorithm", it would make sense to put that in
> the
> >> cluster configuration.
> >>
> >> On Tue, Sep 27, 2016 at 3:09 PM, Bruce Schuchardt <
> bschuchardt@pivotal.io
> >> >
> >> wrote:
> >>
> >> security-udp-dhalgo is new and is described here:
> >>> https://cwiki.apache.org/confluence/display/GEODE/Secure+
> >>> UDP+Communication+in+Geode
> >>>
> >>>
> >>> Le 9/26/2016 à 11:23 AM, Swapnil Bawaskar a écrit :
> >>>
> >>> Hi John,
> >>>> security-manager and security-post-processor are discussed here:
> >>>> https://cwiki.apache.org/confluence/display/GEODE/Geode+
> >>>> Integrated+Security
> >>>>
> >>>> On Mon, Sep 26, 2016 at 11:01 AM, Joey McAllister <
> >>>> jmcallister@pivotal.io
> >>>> wrote:
> >>>>
> >>>> Hi John,
> >>>>
> >>>>> They are documented in the docs dev branch and will be published with
> >>>>> the
> >>>>> next Geode release. Also, we're scheduled to donate the docs code to
> >>>>> the
> >>>>> project later this week, so you'll be able to see the work in dev.
> >>>>>
> >>>>> Best,
> >>>>> Joey
> >>>>>
> >>>>> On Mon, Sep 26, 2016 at 10:41 AM John Blum <jb...@pivotal.io> wrote:
> >>>>>
> >>>>> Jinmei-
> >>>>>
> >>>>>> Where are the following security-* properties documented?
> >>>>>>
> >>>>>> security-udp-dhalgo
> >>>>>>
> >>>>>> security-manager
> >>>>>>
> >>>>>> security-post-processor
> >>>>>>
> >>>>>> They certainly are not documented in the (Geode) User Docs, here
> >>>>>> <
> >>>>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
> >>>>>>
> >>>>>> properties.html
> >>>>>
> >>>>>    [1].
> >>>>>>
> >>>>>> Thanks!
> >>>>>> John
> >>>>>>
> >>>>>> [1]
> >>>>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
> >>>>>>
> >>>>>> properties.html
> >>>>>
> >>>>>
> >>>>>> On Mon, Sep 26, 2016 at 8:42 AM, Jinmei Liao <ji...@pivotal.io>
> >>>>>> wrote:
> >>>>>>
> >>>>>> Actually, I looked into the the config settings, these are the list
> of
> >>>>>>
> >>>>>>> settings that begin with security-. SSL settings are not there. The
> >>>>>>> security-client-* and security-peer-* are deprecated, so they don't
> >>>>>>>
> >>>>>>> need
> >>>>>> to
> >>>>>>
> >>>>>> be in the cluster config. What about the udp-dhalgo and log-file and
> >>>>>>> log-level? Does it hurt to put them in the cluster-config?
> >>>>>>>
> >>>>>>> "security-client-authenticator";
> >>>>>>>
> >>>>>>> "security-client-accessor";
> >>>>>>>
> >>>>>>> "security-client-accessor-pp";
> >>>>>>>
> >>>>>>> "security-client-auth-init";
> >>>>>>>
> >>>>>>> "security-client-dhalgo";
> >>>>>>>
> >>>>>>> "security-peer-auth-init";
> >>>>>>>
> >>>>>>> "security-peer-authenticator";
> >>>>>>>
> >>>>>>> "security-peer-verifymember-timeout";
> >>>>>>>
> >>>>>>> "security-udp-dhalgo";
> >>>>>>>
> >>>>>>> "security-log-file";
> >>>>>>>
> >>>>>>> "security-log-level";
> >>>>>>>
> >>>>>>> "security-manager";
> >>>>>>>
> >>>>>>> "security-post-processor";
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> On Fri, Sep 23, 2016 at 12:41 PM, Bruce Schuchardt <
> >>>>>>>
> >>>>>>> bschuchardt@pivotal.io
> >>>>>>
> >>>>>> wrote:
> >>>>>>>
> >>>>>>> SSL settings and the new UDP dhAlgo setting can't be in the cluster
> >>>>>>>
> >>>>>>>> config.  The cluster config is received over TCP/IP so you would
> >>>>>>>> have
> >>>>>>>>
> >>>>>>>> to
> >>>>>>> use unsecured information to retrieve the settings, and you'd have
> to
> >>>>>>> do
> >>>>>>> it
> >>>>>>>
> >>>>>>> before the cache is created.
> >>>>>>>>
> >>>>>>>> Does the security-manager have any role to play prior to the cache
> >>>>>>>>
> >>>>>>>> being
> >>>>>>> created?   For instance, is it involved in authenticating the
> receipt
> >>>>>>> of
> >>>>>>> a
> >>>>>>>
> >>>>>>> new membership view or a join request in GMSAuthenticator?  If so
> you
> >>>>>>>>
> >>>>>>>> can't
> >>>>>>>
> >>>>>>> store it in the cluster config, which is only retrieved later on
> >>>>>>>>
> >>>>>>>> during
> >>>>>>>
> >>>>>> cache creation.
> >>>>>>
> >>>>>>>
> >>>>>>>>
> >>>>>>>> Le 9/23/2016 à 11:57 AM, Michael Stolz a écrit :
> >>>>>>>>
> >>>>>>>> I am in favor of keeping the SSL thoughts separate from the RBAC
> >>>>>>>> thoughts,
> >>>>>>>> but I don't see any reason they couldn't share the same
> repository.
> >>>>>>>>
> >>>>>>>>> That said though, does putting it all into the Cluster
> >>>>>>>>> Configuration
> >>>>>>>>> Manager (CCM) make it so that you can only have security if you
> are
> >>>>>>>>>
> >>>>>>>>> using
> >>>>>>>> CCM for configuration?
> >>>>>>>>
> >>>>>>>>>
> >>>>>>>>> --
> >>>>>>>>> Mike Stolz
> >>>>>>>>> Principal Engineer, GemFire Product Manager
> >>>>>>>>> Mobile: 631-835-4771
> >>>>>>>>>
> >>>>>>>>> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io>
> >>>>>>>>>
> >>>>>>>>> wrote:
> >>>>>>>>
> >>>>>>> Hi, All,
> >>>>>>>
> >>>>>>>> I am working on this ticket:
> >>>>>>>>>> https://issues.apache.org/jira/browse/GEODE-1659. Basically,
> >>>>>>>>>>
> >>>>>>>>>> currently,
> >>>>>>>>>
> >>>>>>>> any
> >>>>>>>>
> >>>>>>>>> member(locator or server) needs to specify its own
> security-manager
> >>>>>>>>>>
> >>>>>>>>>> in
> >>>>>>>>>
> >>>>>>>> order to protect its data which could leads to misconfiguration
> and
> >>>>>>>
> >>>>>>>> data
> >>>>>>>>>
> >>>>>>>> leak. So we would like to put it into the cluster configuration so
> >>>>>>>>
> >>>>>>>>> any
> >>>>>>>>>
> >>>>>>>> member who wants to join the cluster will need to apply the same
> >>>>>>>
> >>>>>>>> security
> >>>>>>>>>
> >>>>>>>> measures.
> >>>>>>>>
> >>>>>>>>> Now Here is my question, should we only put the
> "security-manager"
> >>>>>>>>>>
> >>>>>>>>>> and
> >>>>>>>>>
> >>>>>>>> "security-post-processor" in the cluster config or any
> "security-*"
> >>>>>>>
> >>>>>>>> settings, which include SSL settings as well.
> >>>>>>>>>>
> >>>>>>>>>> Thanks!
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>>>>> Cheers
> >>>>>>>>>>
> >>>>>>>>>> Jinmei
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> --
> >>>>>>> Cheers
> >>>>>>>
> >>>>>>> Jinmei
> >>>>>>>
> >>>>>>>
> >>>>>>> --
> >>>>>> -John
> >>>>>> 503-504-8657
> >>>>>> john.blum10101 (skype)
> >>>>>>
> >>>>>>
> >>>>>>
> >>
> >
>
>
> --
> Cheers
>
> Jinmei
>

Re: security properties in the cluster config

Posted by Jinmei Liao <ji...@pivotal.io>.

By "putting a property in the cluster config", I meant this property will
be passed down to the joining members if enable-cluster-configuration is
set true in the locator and use-cluster-configuration is true in the
member. This is what we are doing for security-manager and
security-post-processor. You still specify those properties in your normal
properties file.

On Tue, Sep 27, 2016 at 4:47 PM, Bruce Schuchardt <bs...@pivotal.io>
wrote:

> Isn't cluster-configuration optional?  If I restart a locator and it
> doesn't have a persistent cluster configuration it is going to need to know
> the DH algorithm in order to communicate with other members and join the
> system.
>
> If it's going to stop being optional then I think we could conceivably
> move this setting to the cluster-configuration.  It might be odd to have
> that in cluster-config and SSL settings in the properties file though.
> Both concern secure communications.
>
>
> Le 9/27/2016 à 4:30 PM, Jinmei Liao a écrit :
>
>> for "security-udp-dhalgo" property, If "Each member needs to define this
>> property with the same algorithm", it would make sense to put that in the
>> cluster configuration.
>>
>> On Tue, Sep 27, 2016 at 3:09 PM, Bruce Schuchardt <bschuchardt@pivotal.io
>> >
>> wrote:
>>
>> security-udp-dhalgo is new and is described here:
>>> https://cwiki.apache.org/confluence/display/GEODE/Secure+
>>> UDP+Communication+in+Geode
>>>
>>>
>>> Le 9/26/2016 à 11:23 AM, Swapnil Bawaskar a écrit :
>>>
>>> Hi John,
>>>> security-manager and security-post-processor are discussed here:
>>>> https://cwiki.apache.org/confluence/display/GEODE/Geode+
>>>> Integrated+Security
>>>>
>>>> On Mon, Sep 26, 2016 at 11:01 AM, Joey McAllister <
>>>> jmcallister@pivotal.io
>>>> wrote:
>>>>
>>>> Hi John,
>>>>
>>>>> They are documented in the docs dev branch and will be published with
>>>>> the
>>>>> next Geode release. Also, we're scheduled to donate the docs code to
>>>>> the
>>>>> project later this week, so you'll be able to see the work in dev.
>>>>>
>>>>> Best,
>>>>> Joey
>>>>>
>>>>> On Mon, Sep 26, 2016 at 10:41 AM John Blum <jb...@pivotal.io> wrote:
>>>>>
>>>>> Jinmei-
>>>>>
>>>>>> Where are the following security-* properties documented?
>>>>>>
>>>>>> security-udp-dhalgo
>>>>>>
>>>>>> security-manager
>>>>>>
>>>>>> security-post-processor
>>>>>>
>>>>>> They certainly are not documented in the (Geode) User Docs, here
>>>>>> <
>>>>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
>>>>>>
>>>>>> properties.html
>>>>>
>>>>>    [1].
>>>>>>
>>>>>> Thanks!
>>>>>> John
>>>>>>
>>>>>> [1]
>>>>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
>>>>>>
>>>>>> properties.html
>>>>>
>>>>>
>>>>>> On Mon, Sep 26, 2016 at 8:42 AM, Jinmei Liao <ji...@pivotal.io>
>>>>>> wrote:
>>>>>>
>>>>>> Actually, I looked into the the config settings, these are the list of
>>>>>>
>>>>>>> settings that begin with security-. SSL settings are not there. The
>>>>>>> security-client-* and security-peer-* are deprecated, so they don't
>>>>>>>
>>>>>>> need
>>>>>> to
>>>>>>
>>>>>> be in the cluster config. What about the udp-dhalgo and log-file and
>>>>>>> log-level? Does it hurt to put them in the cluster-config?
>>>>>>>
>>>>>>> "security-client-authenticator";
>>>>>>>
>>>>>>> "security-client-accessor";
>>>>>>>
>>>>>>> "security-client-accessor-pp";
>>>>>>>
>>>>>>> "security-client-auth-init";
>>>>>>>
>>>>>>> "security-client-dhalgo";
>>>>>>>
>>>>>>> "security-peer-auth-init";
>>>>>>>
>>>>>>> "security-peer-authenticator";
>>>>>>>
>>>>>>> "security-peer-verifymember-timeout";
>>>>>>>
>>>>>>> "security-udp-dhalgo";
>>>>>>>
>>>>>>> "security-log-file";
>>>>>>>
>>>>>>> "security-log-level";
>>>>>>>
>>>>>>> "security-manager";
>>>>>>>
>>>>>>> "security-post-processor";
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Sep 23, 2016 at 12:41 PM, Bruce Schuchardt <
>>>>>>>
>>>>>>> bschuchardt@pivotal.io
>>>>>>
>>>>>> wrote:
>>>>>>>
>>>>>>> SSL settings and the new UDP dhAlgo setting can't be in the cluster
>>>>>>>
>>>>>>>> config.  The cluster config is received over TCP/IP so you would
>>>>>>>> have
>>>>>>>>
>>>>>>>> to
>>>>>>> use unsecured information to retrieve the settings, and you'd have to
>>>>>>> do
>>>>>>> it
>>>>>>>
>>>>>>> before the cache is created.
>>>>>>>>
>>>>>>>> Does the security-manager have any role to play prior to the cache
>>>>>>>>
>>>>>>>> being
>>>>>>> created?   For instance, is it involved in authenticating the receipt
>>>>>>> of
>>>>>>> a
>>>>>>>
>>>>>>> new membership view or a join request in GMSAuthenticator?  If so you
>>>>>>>>
>>>>>>>> can't
>>>>>>>
>>>>>>> store it in the cluster config, which is only retrieved later on
>>>>>>>>
>>>>>>>> during
>>>>>>>
>>>>>> cache creation.
>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Le 9/23/2016 à 11:57 AM, Michael Stolz a écrit :
>>>>>>>>
>>>>>>>> I am in favor of keeping the SSL thoughts separate from the RBAC
>>>>>>>> thoughts,
>>>>>>>> but I don't see any reason they couldn't share the same repository.
>>>>>>>>
>>>>>>>>> That said though, does putting it all into the Cluster
>>>>>>>>> Configuration
>>>>>>>>> Manager (CCM) make it so that you can only have security if you are
>>>>>>>>>
>>>>>>>>> using
>>>>>>>> CCM for configuration?
>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Mike Stolz
>>>>>>>>> Principal Engineer, GemFire Product Manager
>>>>>>>>> Mobile: 631-835-4771
>>>>>>>>>
>>>>>>>>> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io>
>>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>>
>>>>>>> Hi, All,
>>>>>>>
>>>>>>>> I am working on this ticket:
>>>>>>>>>> https://issues.apache.org/jira/browse/GEODE-1659. Basically,
>>>>>>>>>>
>>>>>>>>>> currently,
>>>>>>>>>
>>>>>>>> any
>>>>>>>>
>>>>>>>>> member(locator or server) needs to specify its own security-manager
>>>>>>>>>>
>>>>>>>>>> in
>>>>>>>>>
>>>>>>>> order to protect its data which could leads to misconfiguration and
>>>>>>>
>>>>>>>> data
>>>>>>>>>
>>>>>>>> leak. So we would like to put it into the cluster configuration so
>>>>>>>>
>>>>>>>>> any
>>>>>>>>>
>>>>>>>> member who wants to join the cluster will need to apply the same
>>>>>>>
>>>>>>>> security
>>>>>>>>>
>>>>>>>> measures.
>>>>>>>>
>>>>>>>>> Now Here is my question, should we only put the "security-manager"
>>>>>>>>>>
>>>>>>>>>> and
>>>>>>>>>
>>>>>>>> "security-post-processor" in the cluster config or any "security-*"
>>>>>>>
>>>>>>>> settings, which include SSL settings as well.
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Cheers
>>>>>>>>>>
>>>>>>>>>> Jinmei
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>> Cheers
>>>>>>>
>>>>>>> Jinmei
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>> -John
>>>>>> 503-504-8657
>>>>>> john.blum10101 (skype)
>>>>>>
>>>>>>
>>>>>>
>>
>


-- 
Cheers

Jinmei

Re: security properties in the cluster config

Posted by John Blum <jb...@pivotal.io>.

Cluster config is optional and should not be required.  Cluster config is
not applicable in all contexts and in certain architectures (e.g. embedded,
peer cache applications), would create more problems than it solves.

On Tue, Sep 27, 2016 at 4:47 PM, Bruce Schuchardt <bs...@pivotal.io>
wrote:

> Isn't cluster-configuration optional?  If I restart a locator and it
> doesn't have a persistent cluster configuration it is going to need to know
> the DH algorithm in order to communicate with other members and join the
> system.
>
> If it's going to stop being optional then I think we could conceivably
> move this setting to the cluster-configuration.  It might be odd to have
> that in cluster-config and SSL settings in the properties file though.
> Both concern secure communications.
>
>
> Le 9/27/2016 à 4:30 PM, Jinmei Liao a écrit :
>
>> for "security-udp-dhalgo" property, If "Each member needs to define this
>> property with the same algorithm", it would make sense to put that in the
>> cluster configuration.
>>
>> On Tue, Sep 27, 2016 at 3:09 PM, Bruce Schuchardt <bschuchardt@pivotal.io
>> >
>> wrote:
>>
>> security-udp-dhalgo is new and is described here:
>>> https://cwiki.apache.org/confluence/display/GEODE/Secure+
>>> UDP+Communication+in+Geode
>>>
>>>
>>> Le 9/26/2016 à 11:23 AM, Swapnil Bawaskar a écrit :
>>>
>>> Hi John,
>>>> security-manager and security-post-processor are discussed here:
>>>> https://cwiki.apache.org/confluence/display/GEODE/Geode+
>>>> Integrated+Security
>>>>
>>>> On Mon, Sep 26, 2016 at 11:01 AM, Joey McAllister <
>>>> jmcallister@pivotal.io
>>>> wrote:
>>>>
>>>> Hi John,
>>>>
>>>>> They are documented in the docs dev branch and will be published with
>>>>> the
>>>>> next Geode release. Also, we're scheduled to donate the docs code to
>>>>> the
>>>>> project later this week, so you'll be able to see the work in dev.
>>>>>
>>>>> Best,
>>>>> Joey
>>>>>
>>>>> On Mon, Sep 26, 2016 at 10:41 AM John Blum <jb...@pivotal.io> wrote:
>>>>>
>>>>> Jinmei-
>>>>>
>>>>>> Where are the following security-* properties documented?
>>>>>>
>>>>>> security-udp-dhalgo
>>>>>>
>>>>>> security-manager
>>>>>>
>>>>>> security-post-processor
>>>>>>
>>>>>> They certainly are not documented in the (Geode) User Docs, here
>>>>>> <
>>>>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
>>>>>>
>>>>>> properties.html
>>>>>
>>>>>    [1].
>>>>>>
>>>>>> Thanks!
>>>>>> John
>>>>>>
>>>>>> [1]
>>>>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
>>>>>>
>>>>>> properties.html
>>>>>
>>>>>
>>>>>> On Mon, Sep 26, 2016 at 8:42 AM, Jinmei Liao <ji...@pivotal.io>
>>>>>> wrote:
>>>>>>
>>>>>> Actually, I looked into the the config settings, these are the list of
>>>>>>
>>>>>>> settings that begin with security-. SSL settings are not there. The
>>>>>>> security-client-* and security-peer-* are deprecated, so they don't
>>>>>>>
>>>>>>> need
>>>>>> to
>>>>>>
>>>>>> be in the cluster config. What about the udp-dhalgo and log-file and
>>>>>>> log-level? Does it hurt to put them in the cluster-config?
>>>>>>>
>>>>>>> "security-client-authenticator";
>>>>>>>
>>>>>>> "security-client-accessor";
>>>>>>>
>>>>>>> "security-client-accessor-pp";
>>>>>>>
>>>>>>> "security-client-auth-init";
>>>>>>>
>>>>>>> "security-client-dhalgo";
>>>>>>>
>>>>>>> "security-peer-auth-init";
>>>>>>>
>>>>>>> "security-peer-authenticator";
>>>>>>>
>>>>>>> "security-peer-verifymember-timeout";
>>>>>>>
>>>>>>> "security-udp-dhalgo";
>>>>>>>
>>>>>>> "security-log-file";
>>>>>>>
>>>>>>> "security-log-level";
>>>>>>>
>>>>>>> "security-manager";
>>>>>>>
>>>>>>> "security-post-processor";
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Fri, Sep 23, 2016 at 12:41 PM, Bruce Schuchardt <
>>>>>>>
>>>>>>> bschuchardt@pivotal.io
>>>>>>
>>>>>> wrote:
>>>>>>>
>>>>>>> SSL settings and the new UDP dhAlgo setting can't be in the cluster
>>>>>>>
>>>>>>>> config.  The cluster config is received over TCP/IP so you would
>>>>>>>> have
>>>>>>>>
>>>>>>>> to
>>>>>>> use unsecured information to retrieve the settings, and you'd have to
>>>>>>> do
>>>>>>> it
>>>>>>>
>>>>>>> before the cache is created.
>>>>>>>>
>>>>>>>> Does the security-manager have any role to play prior to the cache
>>>>>>>>
>>>>>>>> being
>>>>>>> created?   For instance, is it involved in authenticating the receipt
>>>>>>> of
>>>>>>> a
>>>>>>>
>>>>>>> new membership view or a join request in GMSAuthenticator?  If so you
>>>>>>>>
>>>>>>>> can't
>>>>>>>
>>>>>>> store it in the cluster config, which is only retrieved later on
>>>>>>>>
>>>>>>>> during
>>>>>>>
>>>>>> cache creation.
>>>>>>
>>>>>>>
>>>>>>>>
>>>>>>>> Le 9/23/2016 à 11:57 AM, Michael Stolz a écrit :
>>>>>>>>
>>>>>>>> I am in favor of keeping the SSL thoughts separate from the RBAC
>>>>>>>> thoughts,
>>>>>>>> but I don't see any reason they couldn't share the same repository.
>>>>>>>>
>>>>>>>>> That said though, does putting it all into the Cluster
>>>>>>>>> Configuration
>>>>>>>>> Manager (CCM) make it so that you can only have security if you are
>>>>>>>>>
>>>>>>>>> using
>>>>>>>> CCM for configuration?
>>>>>>>>
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Mike Stolz
>>>>>>>>> Principal Engineer, GemFire Product Manager
>>>>>>>>> Mobile: 631-835-4771
>>>>>>>>>
>>>>>>>>> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io>
>>>>>>>>>
>>>>>>>>> wrote:
>>>>>>>>
>>>>>>> Hi, All,
>>>>>>>
>>>>>>>> I am working on this ticket:
>>>>>>>>>> https://issues.apache.org/jira/browse/GEODE-1659. Basically,
>>>>>>>>>>
>>>>>>>>>> currently,
>>>>>>>>>
>>>>>>>> any
>>>>>>>>
>>>>>>>>> member(locator or server) needs to specify its own security-manager
>>>>>>>>>>
>>>>>>>>>> in
>>>>>>>>>
>>>>>>>> order to protect its data which could leads to misconfiguration and
>>>>>>>
>>>>>>>> data
>>>>>>>>>
>>>>>>>> leak. So we would like to put it into the cluster configuration so
>>>>>>>>
>>>>>>>>> any
>>>>>>>>>
>>>>>>>> member who wants to join the cluster will need to apply the same
>>>>>>>
>>>>>>>> security
>>>>>>>>>
>>>>>>>> measures.
>>>>>>>>
>>>>>>>>> Now Here is my question, should we only put the "security-manager"
>>>>>>>>>>
>>>>>>>>>> and
>>>>>>>>>
>>>>>>>> "security-post-processor" in the cluster config or any "security-*"
>>>>>>>
>>>>>>>> settings, which include SSL settings as well.
>>>>>>>>>>
>>>>>>>>>> Thanks!
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>>>>> Cheers
>>>>>>>>>>
>>>>>>>>>> Jinmei
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> --
>>>>>>> Cheers
>>>>>>>
>>>>>>> Jinmei
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>> -John
>>>>>> 503-504-8657
>>>>>> john.blum10101 (skype)
>>>>>>
>>>>>>
>>>>>>
>>
>


-- 
-John
503-504-8657
john.blum10101 (skype)

Re: security properties in the cluster config

Posted by Bruce Schuchardt <bs...@pivotal.io>.

Isn't cluster-configuration optional?  If I restart a locator and it 
doesn't have a persistent cluster configuration it is going to need to 
know the DH algorithm in order to communicate with other members and 
join the system.

If it's going to stop being optional then I think we could conceivably 
move this setting to the cluster-configuration.  It might be odd to have 
that in cluster-config and SSL settings in the properties file though.  
Both concern secure communications.

Le 9/27/2016 � 4:30 PM, Jinmei Liao a �crit :
> for "security-udp-dhalgo" property, If "Each member needs to define this
> property with the same algorithm", it would make sense to put that in the
> cluster configuration.
>
> On Tue, Sep 27, 2016 at 3:09 PM, Bruce Schuchardt <bs...@pivotal.io>
> wrote:
>
>> security-udp-dhalgo is new and is described here:
>> https://cwiki.apache.org/confluence/display/GEODE/Secure+
>> UDP+Communication+in+Geode
>>
>>
>> Le 9/26/2016 � 11:23 AM, Swapnil Bawaskar a �crit :
>>
>>> Hi John,
>>> security-manager and security-post-processor are discussed here:
>>> https://cwiki.apache.org/confluence/display/GEODE/Geode+
>>> Integrated+Security
>>>
>>> On Mon, Sep 26, 2016 at 11:01 AM, Joey McAllister <jmcallister@pivotal.io
>>> wrote:
>>>
>>> Hi John,
>>>> They are documented in the docs dev branch and will be published with the
>>>> next Geode release. Also, we're scheduled to donate the docs code to the
>>>> project later this week, so you'll be able to see the work in dev.
>>>>
>>>> Best,
>>>> Joey
>>>>
>>>> On Mon, Sep 26, 2016 at 10:41 AM John Blum <jb...@pivotal.io> wrote:
>>>>
>>>> Jinmei-
>>>>> Where are the following security-* properties documented?
>>>>>
>>>>> security-udp-dhalgo
>>>>>
>>>>> security-manager
>>>>>
>>>>> security-post-processor
>>>>>
>>>>> They certainly are not documented in the (Geode) User Docs, here
>>>>> <
>>>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
>>>>>
>>>> properties.html
>>>>
>>>>>    [1].
>>>>>
>>>>> Thanks!
>>>>> John
>>>>>
>>>>> [1]
>>>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
>>>>>
>>>> properties.html
>>>>
>>>>>
>>>>> On Mon, Sep 26, 2016 at 8:42 AM, Jinmei Liao <ji...@pivotal.io> wrote:
>>>>>
>>>>> Actually, I looked into the the config settings, these are the list of
>>>>>> settings that begin with security-. SSL settings are not there. The
>>>>>> security-client-* and security-peer-* are deprecated, so they don't
>>>>>>
>>>>> need
>>>>> to
>>>>>
>>>>>> be in the cluster config. What about the udp-dhalgo and log-file and
>>>>>> log-level? Does it hurt to put them in the cluster-config?
>>>>>>
>>>>>> "security-client-authenticator";
>>>>>>
>>>>>> "security-client-accessor";
>>>>>>
>>>>>> "security-client-accessor-pp";
>>>>>>
>>>>>> "security-client-auth-init";
>>>>>>
>>>>>> "security-client-dhalgo";
>>>>>>
>>>>>> "security-peer-auth-init";
>>>>>>
>>>>>> "security-peer-authenticator";
>>>>>>
>>>>>> "security-peer-verifymember-timeout";
>>>>>>
>>>>>> "security-udp-dhalgo";
>>>>>>
>>>>>> "security-log-file";
>>>>>>
>>>>>> "security-log-level";
>>>>>>
>>>>>> "security-manager";
>>>>>>
>>>>>> "security-post-processor";
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Sep 23, 2016 at 12:41 PM, Bruce Schuchardt <
>>>>>>
>>>>> bschuchardt@pivotal.io
>>>>>
>>>>>> wrote:
>>>>>>
>>>>>> SSL settings and the new UDP dhAlgo setting can't be in the cluster
>>>>>>> config.  The cluster config is received over TCP/IP so you would have
>>>>>>>
>>>>>> to
>>>>>> use unsecured information to retrieve the settings, and you'd have to
>>>>>> do
>>>>>> it
>>>>>>
>>>>>>> before the cache is created.
>>>>>>>
>>>>>>> Does the security-manager have any role to play prior to the cache
>>>>>>>
>>>>>> being
>>>>>> created?   For instance, is it involved in authenticating the receipt
>>>>>> of
>>>>>> a
>>>>>>
>>>>>>> new membership view or a join request in GMSAuthenticator?  If so you
>>>>>>>
>>>>>> can't
>>>>>>
>>>>>>> store it in the cluster config, which is only retrieved later on
>>>>>>>
>>>>>> during
>>>>> cache creation.
>>>>>>>
>>>>>>>
>>>>>>> Le 9/23/2016 � 11:57 AM, Michael Stolz a �crit :
>>>>>>>
>>>>>>> I am in favor of keeping the SSL thoughts separate from the RBAC
>>>>>>> thoughts,
>>>>>>> but I don't see any reason they couldn't share the same repository.
>>>>>>>> That said though, does putting it all into the Cluster Configuration
>>>>>>>> Manager (CCM) make it so that you can only have security if you are
>>>>>>>>
>>>>>>> using
>>>>>>> CCM for configuration?
>>>>>>>>
>>>>>>>> --
>>>>>>>> Mike Stolz
>>>>>>>> Principal Engineer, GemFire Product Manager
>>>>>>>> Mobile: 631-835-4771
>>>>>>>>
>>>>>>>> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io>
>>>>>>>>
>>>>>>> wrote:
>>>>>> Hi, All,
>>>>>>>>> I am working on this ticket:
>>>>>>>>> https://issues.apache.org/jira/browse/GEODE-1659. Basically,
>>>>>>>>>
>>>>>>>> currently,
>>>>>>> any
>>>>>>>>> member(locator or server) needs to specify its own security-manager
>>>>>>>>>
>>>>>>>> in
>>>>>> order to protect its data which could leads to misconfiguration and
>>>>>>>> data
>>>>>>> leak. So we would like to put it into the cluster configuration so
>>>>>>>> any
>>>>>> member who wants to join the cluster will need to apply the same
>>>>>>>> security
>>>>>>> measures.
>>>>>>>>> Now Here is my question, should we only put the "security-manager"
>>>>>>>>>
>>>>>>>> and
>>>>>> "security-post-processor" in the cluster config or any "security-*"
>>>>>>>>> settings, which include SSL settings as well.
>>>>>>>>>
>>>>>>>>> Thanks!
>>>>>>>>>
>>>>>>>>> --
>>>>>>>>> Cheers
>>>>>>>>>
>>>>>>>>> Jinmei
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>> --
>>>>>> Cheers
>>>>>>
>>>>>> Jinmei
>>>>>>
>>>>>>
>>>>> --
>>>>> -John
>>>>> 503-504-8657
>>>>> john.blum10101 (skype)
>>>>>
>>>>>
>

Re: security properties in the cluster config

Posted by Jinmei Liao <ji...@pivotal.io>.

for "security-udp-dhalgo" property, If "Each member needs to define this
property with the same algorithm", it would make sense to put that in the
cluster configuration.

On Tue, Sep 27, 2016 at 3:09 PM, Bruce Schuchardt <bs...@pivotal.io>
wrote:

> security-udp-dhalgo is new and is described here:
> https://cwiki.apache.org/confluence/display/GEODE/Secure+
> UDP+Communication+in+Geode
>
>
> Le 9/26/2016 à 11:23 AM, Swapnil Bawaskar a écrit :
>
>> Hi John,
>> security-manager and security-post-processor are discussed here:
>> https://cwiki.apache.org/confluence/display/GEODE/Geode+
>> Integrated+Security
>>
>> On Mon, Sep 26, 2016 at 11:01 AM, Joey McAllister <jmcallister@pivotal.io
>> >
>> wrote:
>>
>> Hi John,
>>>
>>> They are documented in the docs dev branch and will be published with the
>>> next Geode release. Also, we're scheduled to donate the docs code to the
>>> project later this week, so you'll be able to see the work in dev.
>>>
>>> Best,
>>> Joey
>>>
>>> On Mon, Sep 26, 2016 at 10:41 AM John Blum <jb...@pivotal.io> wrote:
>>>
>>> Jinmei-
>>>>
>>>> Where are the following security-* properties documented?
>>>>
>>>> security-udp-dhalgo
>>>>
>>>> security-manager
>>>>
>>>> security-post-processor
>>>>
>>>> They certainly are not documented in the (Geode) User Docs, here
>>>> <
>>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
>>>>
>>> properties.html
>>>
>>>>   [1].
>>>>
>>>> Thanks!
>>>> John
>>>>
>>>> [1]
>>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
>>>>
>>> properties.html
>>>
>>>>
>>>>
>>>> On Mon, Sep 26, 2016 at 8:42 AM, Jinmei Liao <ji...@pivotal.io> wrote:
>>>>
>>>> Actually, I looked into the the config settings, these are the list of
>>>>> settings that begin with security-. SSL settings are not there. The
>>>>> security-client-* and security-peer-* are deprecated, so they don't
>>>>>
>>>> need
>>>
>>>> to
>>>>
>>>>> be in the cluster config. What about the udp-dhalgo and log-file and
>>>>> log-level? Does it hurt to put them in the cluster-config?
>>>>>
>>>>> "security-client-authenticator";
>>>>>
>>>>> "security-client-accessor";
>>>>>
>>>>> "security-client-accessor-pp";
>>>>>
>>>>> "security-client-auth-init";
>>>>>
>>>>> "security-client-dhalgo";
>>>>>
>>>>> "security-peer-auth-init";
>>>>>
>>>>> "security-peer-authenticator";
>>>>>
>>>>> "security-peer-verifymember-timeout";
>>>>>
>>>>> "security-udp-dhalgo";
>>>>>
>>>>> "security-log-file";
>>>>>
>>>>> "security-log-level";
>>>>>
>>>>> "security-manager";
>>>>>
>>>>> "security-post-processor";
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Fri, Sep 23, 2016 at 12:41 PM, Bruce Schuchardt <
>>>>>
>>>> bschuchardt@pivotal.io
>>>>
>>>>> wrote:
>>>>>
>>>>> SSL settings and the new UDP dhAlgo setting can't be in the cluster
>>>>>> config.  The cluster config is received over TCP/IP so you would have
>>>>>>
>>>>> to
>>>>
>>>>> use unsecured information to retrieve the settings, and you'd have to
>>>>>>
>>>>> do
>>>>
>>>>> it
>>>>>
>>>>>> before the cache is created.
>>>>>>
>>>>>> Does the security-manager have any role to play prior to the cache
>>>>>>
>>>>> being
>>>>
>>>>> created?   For instance, is it involved in authenticating the receipt
>>>>>>
>>>>> of
>>>>
>>>>> a
>>>>>
>>>>>> new membership view or a join request in GMSAuthenticator?  If so you
>>>>>>
>>>>> can't
>>>>>
>>>>>> store it in the cluster config, which is only retrieved later on
>>>>>>
>>>>> during
>>>
>>>> cache creation.
>>>>>>
>>>>>>
>>>>>>
>>>>>> Le 9/23/2016 à 11:57 AM, Michael Stolz a écrit :
>>>>>>
>>>>>> I am in favor of keeping the SSL thoughts separate from the RBAC
>>>>>>>
>>>>>> thoughts,
>>>>>
>>>>>> but I don't see any reason they couldn't share the same repository.
>>>>>>>
>>>>>>> That said though, does putting it all into the Cluster Configuration
>>>>>>> Manager (CCM) make it so that you can only have security if you are
>>>>>>>
>>>>>> using
>>>>>
>>>>>> CCM for configuration?
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Mike Stolz
>>>>>>> Principal Engineer, GemFire Product Manager
>>>>>>> Mobile: 631-835-4771
>>>>>>>
>>>>>>> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io>
>>>>>>>
>>>>>> wrote:
>>>>
>>>>> Hi, All,
>>>>>>>
>>>>>>>> I am working on this ticket:
>>>>>>>> https://issues.apache.org/jira/browse/GEODE-1659. Basically,
>>>>>>>>
>>>>>>> currently,
>>>>>
>>>>>> any
>>>>>>>> member(locator or server) needs to specify its own security-manager
>>>>>>>>
>>>>>>> in
>>>>
>>>>> order to protect its data which could leads to misconfiguration and
>>>>>>>>
>>>>>>> data
>>>>>
>>>>>> leak. So we would like to put it into the cluster configuration so
>>>>>>>>
>>>>>>> any
>>>>
>>>>> member who wants to join the cluster will need to apply the same
>>>>>>>>
>>>>>>> security
>>>>>
>>>>>> measures.
>>>>>>>>
>>>>>>>> Now Here is my question, should we only put the "security-manager"
>>>>>>>>
>>>>>>> and
>>>>
>>>>> "security-post-processor" in the cluster config or any "security-*"
>>>>>>>> settings, which include SSL settings as well.
>>>>>>>>
>>>>>>>> Thanks!
>>>>>>>>
>>>>>>>> --
>>>>>>>> Cheers
>>>>>>>>
>>>>>>>> Jinmei
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>> --
>>>>> Cheers
>>>>>
>>>>> Jinmei
>>>>>
>>>>>
>>>>
>>>> --
>>>> -John
>>>> 503-504-8657
>>>> john.blum10101 (skype)
>>>>
>>>>
>


-- 
Cheers

Jinmei

Re: security properties in the cluster config

Posted by Bruce Schuchardt <bs...@pivotal.io>.

security-udp-dhalgo is new and is described here: 
https://cwiki.apache.org/confluence/display/GEODE/Secure+UDP+Communication+in+Geode

Le 9/26/2016 � 11:23 AM, Swapnil Bawaskar a �crit :
> Hi John,
> security-manager and security-post-processor are discussed here:
> https://cwiki.apache.org/confluence/display/GEODE/Geode+Integrated+Security
>
> On Mon, Sep 26, 2016 at 11:01 AM, Joey McAllister <jm...@pivotal.io>
> wrote:
>
>> Hi John,
>>
>> They are documented in the docs dev branch and will be published with the
>> next Geode release. Also, we're scheduled to donate the docs code to the
>> project later this week, so you'll be able to see the work in dev.
>>
>> Best,
>> Joey
>>
>> On Mon, Sep 26, 2016 at 10:41 AM John Blum <jb...@pivotal.io> wrote:
>>
>>> Jinmei-
>>>
>>> Where are the following security-* properties documented?
>>>
>>> security-udp-dhalgo
>>>
>>> security-manager
>>>
>>> security-post-processor
>>>
>>> They certainly are not documented in the (Geode) User Docs, here
>>> <
>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
>> properties.html
>>>   [1].
>>>
>>> Thanks!
>>> John
>>>
>>> [1]
>>> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
>> properties.html
>>>
>>>
>>> On Mon, Sep 26, 2016 at 8:42 AM, Jinmei Liao <ji...@pivotal.io> wrote:
>>>
>>>> Actually, I looked into the the config settings, these are the list of
>>>> settings that begin with security-. SSL settings are not there. The
>>>> security-client-* and security-peer-* are deprecated, so they don't
>> need
>>> to
>>>> be in the cluster config. What about the udp-dhalgo and log-file and
>>>> log-level? Does it hurt to put them in the cluster-config?
>>>>
>>>> "security-client-authenticator";
>>>>
>>>> "security-client-accessor";
>>>>
>>>> "security-client-accessor-pp";
>>>>
>>>> "security-client-auth-init";
>>>>
>>>> "security-client-dhalgo";
>>>>
>>>> "security-peer-auth-init";
>>>>
>>>> "security-peer-authenticator";
>>>>
>>>> "security-peer-verifymember-timeout";
>>>>
>>>> "security-udp-dhalgo";
>>>>
>>>> "security-log-file";
>>>>
>>>> "security-log-level";
>>>>
>>>> "security-manager";
>>>>
>>>> "security-post-processor";
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Fri, Sep 23, 2016 at 12:41 PM, Bruce Schuchardt <
>>> bschuchardt@pivotal.io
>>>> wrote:
>>>>
>>>>> SSL settings and the new UDP dhAlgo setting can't be in the cluster
>>>>> config.  The cluster config is received over TCP/IP so you would have
>>> to
>>>>> use unsecured information to retrieve the settings, and you'd have to
>>> do
>>>> it
>>>>> before the cache is created.
>>>>>
>>>>> Does the security-manager have any role to play prior to the cache
>>> being
>>>>> created?   For instance, is it involved in authenticating the receipt
>>> of
>>>> a
>>>>> new membership view or a join request in GMSAuthenticator?  If so you
>>>> can't
>>>>> store it in the cluster config, which is only retrieved later on
>> during
>>>>> cache creation.
>>>>>
>>>>>
>>>>>
>>>>> Le 9/23/2016 � 11:57 AM, Michael Stolz a �crit :
>>>>>
>>>>>> I am in favor of keeping the SSL thoughts separate from the RBAC
>>>> thoughts,
>>>>>> but I don't see any reason they couldn't share the same repository.
>>>>>>
>>>>>> That said though, does putting it all into the Cluster Configuration
>>>>>> Manager (CCM) make it so that you can only have security if you are
>>>> using
>>>>>> CCM for configuration?
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Mike Stolz
>>>>>> Principal Engineer, GemFire Product Manager
>>>>>> Mobile: 631-835-4771
>>>>>>
>>>>>> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io>
>>> wrote:
>>>>>> Hi, All,
>>>>>>> I am working on this ticket:
>>>>>>> https://issues.apache.org/jira/browse/GEODE-1659. Basically,
>>>> currently,
>>>>>>> any
>>>>>>> member(locator or server) needs to specify its own security-manager
>>> in
>>>>>>> order to protect its data which could leads to misconfiguration and
>>>> data
>>>>>>> leak. So we would like to put it into the cluster configuration so
>>> any
>>>>>>> member who wants to join the cluster will need to apply the same
>>>> security
>>>>>>> measures.
>>>>>>>
>>>>>>> Now Here is my question, should we only put the "security-manager"
>>> and
>>>>>>> "security-post-processor" in the cluster config or any "security-*"
>>>>>>> settings, which include SSL settings as well.
>>>>>>>
>>>>>>> Thanks!
>>>>>>>
>>>>>>> --
>>>>>>> Cheers
>>>>>>>
>>>>>>> Jinmei
>>>>>>>
>>>>>>>
>>>>
>>>> --
>>>> Cheers
>>>>
>>>> Jinmei
>>>>
>>>
>>>
>>> --
>>> -John
>>> 503-504-8657
>>> john.blum10101 (skype)
>>>

Re: security properties in the cluster config

Posted by Swapnil Bawaskar <sb...@pivotal.io>.

Hi John,
security-manager and security-post-processor are discussed here:
https://cwiki.apache.org/confluence/display/GEODE/Geode+Integrated+Security

On Mon, Sep 26, 2016 at 11:01 AM, Joey McAllister <jm...@pivotal.io>
wrote:

> Hi John,
>
> They are documented in the docs dev branch and will be published with the
> next Geode release. Also, we're scheduled to donate the docs code to the
> project later this week, so you'll be able to see the work in dev.
>
> Best,
> Joey
>
> On Mon, Sep 26, 2016 at 10:41 AM John Blum <jb...@pivotal.io> wrote:
>
> > Jinmei-
> >
> > Where are the following security-* properties documented?
> >
> > security-udp-dhalgo
> >
> > security-manager
> >
> > security-post-processor
> >
> > They certainly are not documented in the (Geode) User Docs, here
> > <
> > http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
> properties.html
> > >
> >  [1].
> >
> > Thanks!
> > John
> >
> > [1]
> > http://geode.docs.pivotal.io/docs/reference/topics/gemfire_
> properties.html
> >
> >
> >
> > On Mon, Sep 26, 2016 at 8:42 AM, Jinmei Liao <ji...@pivotal.io> wrote:
> >
> > > Actually, I looked into the the config settings, these are the list of
> > > settings that begin with security-. SSL settings are not there. The
> > > security-client-* and security-peer-* are deprecated, so they don't
> need
> > to
> > > be in the cluster config. What about the udp-dhalgo and log-file and
> > > log-level? Does it hurt to put them in the cluster-config?
> > >
> > > "security-client-authenticator";
> > >
> > > "security-client-accessor";
> > >
> > > "security-client-accessor-pp";
> > >
> > > "security-client-auth-init";
> > >
> > > "security-client-dhalgo";
> > >
> > > "security-peer-auth-init";
> > >
> > > "security-peer-authenticator";
> > >
> > > "security-peer-verifymember-timeout";
> > >
> > > "security-udp-dhalgo";
> > >
> > > "security-log-file";
> > >
> > > "security-log-level";
> > >
> > > "security-manager";
> > >
> > > "security-post-processor";
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > On Fri, Sep 23, 2016 at 12:41 PM, Bruce Schuchardt <
> > bschuchardt@pivotal.io
> > > >
> > > wrote:
> > >
> > > > SSL settings and the new UDP dhAlgo setting can't be in the cluster
> > > > config.  The cluster config is received over TCP/IP so you would have
> > to
> > > > use unsecured information to retrieve the settings, and you'd have to
> > do
> > > it
> > > > before the cache is created.
> > > >
> > > > Does the security-manager have any role to play prior to the cache
> > being
> > > > created?   For instance, is it involved in authenticating the receipt
> > of
> > > a
> > > > new membership view or a join request in GMSAuthenticator?  If so you
> > > can't
> > > > store it in the cluster config, which is only retrieved later on
> during
> > > > cache creation.
> > > >
> > > >
> > > >
> > > > Le 9/23/2016 à 11:57 AM, Michael Stolz a écrit :
> > > >
> > > >> I am in favor of keeping the SSL thoughts separate from the RBAC
> > > thoughts,
> > > >> but I don't see any reason they couldn't share the same repository.
> > > >>
> > > >> That said though, does putting it all into the Cluster Configuration
> > > >> Manager (CCM) make it so that you can only have security if you are
> > > using
> > > >> CCM for configuration?
> > > >>
> > > >>
> > > >> --
> > > >> Mike Stolz
> > > >> Principal Engineer, GemFire Product Manager
> > > >> Mobile: 631-835-4771
> > > >>
> > > >> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io>
> > wrote:
> > > >>
> > > >> Hi, All,
> > > >>>
> > > >>> I am working on this ticket:
> > > >>> https://issues.apache.org/jira/browse/GEODE-1659. Basically,
> > > currently,
> > > >>> any
> > > >>> member(locator or server) needs to specify its own security-manager
> > in
> > > >>> order to protect its data which could leads to misconfiguration and
> > > data
> > > >>> leak. So we would like to put it into the cluster configuration so
> > any
> > > >>> member who wants to join the cluster will need to apply the same
> > > security
> > > >>> measures.
> > > >>>
> > > >>> Now Here is my question, should we only put the "security-manager"
> > and
> > > >>> "security-post-processor" in the cluster config or any "security-*"
> > > >>> settings, which include SSL settings as well.
> > > >>>
> > > >>> Thanks!
> > > >>>
> > > >>> --
> > > >>> Cheers
> > > >>>
> > > >>> Jinmei
> > > >>>
> > > >>>
> > > >
> > >
> > >
> > > --
> > > Cheers
> > >
> > > Jinmei
> > >
> >
> >
> >
> > --
> > -John
> > 503-504-8657
> > john.blum10101 (skype)
> >
>

Re: security properties in the cluster config

Posted by Joey McAllister <jm...@pivotal.io>.

Hi John,

They are documented in the docs dev branch and will be published with the
next Geode release. Also, we're scheduled to donate the docs code to the
project later this week, so you'll be able to see the work in dev.

Best,
Joey

On Mon, Sep 26, 2016 at 10:41 AM John Blum <jb...@pivotal.io> wrote:

> Jinmei-
>
> Where are the following security-* properties documented?
>
> security-udp-dhalgo
>
> security-manager
>
> security-post-processor
>
> They certainly are not documented in the (Geode) User Docs, here
> <
> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_properties.html
> >
>  [1].
>
> Thanks!
> John
>
> [1]
> http://geode.docs.pivotal.io/docs/reference/topics/gemfire_properties.html
>
>
>
> On Mon, Sep 26, 2016 at 8:42 AM, Jinmei Liao <ji...@pivotal.io> wrote:
>
> > Actually, I looked into the the config settings, these are the list of
> > settings that begin with security-. SSL settings are not there. The
> > security-client-* and security-peer-* are deprecated, so they don't need
> to
> > be in the cluster config. What about the udp-dhalgo and log-file and
> > log-level? Does it hurt to put them in the cluster-config?
> >
> > "security-client-authenticator";
> >
> > "security-client-accessor";
> >
> > "security-client-accessor-pp";
> >
> > "security-client-auth-init";
> >
> > "security-client-dhalgo";
> >
> > "security-peer-auth-init";
> >
> > "security-peer-authenticator";
> >
> > "security-peer-verifymember-timeout";
> >
> > "security-udp-dhalgo";
> >
> > "security-log-file";
> >
> > "security-log-level";
> >
> > "security-manager";
> >
> > "security-post-processor";
> >
> >
> >
> >
> >
> >
> >
> > On Fri, Sep 23, 2016 at 12:41 PM, Bruce Schuchardt <
> bschuchardt@pivotal.io
> > >
> > wrote:
> >
> > > SSL settings and the new UDP dhAlgo setting can't be in the cluster
> > > config.  The cluster config is received over TCP/IP so you would have
> to
> > > use unsecured information to retrieve the settings, and you'd have to
> do
> > it
> > > before the cache is created.
> > >
> > > Does the security-manager have any role to play prior to the cache
> being
> > > created?   For instance, is it involved in authenticating the receipt
> of
> > a
> > > new membership view or a join request in GMSAuthenticator?  If so you
> > can't
> > > store it in the cluster config, which is only retrieved later on during
> > > cache creation.
> > >
> > >
> > >
> > > Le 9/23/2016 à 11:57 AM, Michael Stolz a écrit :
> > >
> > >> I am in favor of keeping the SSL thoughts separate from the RBAC
> > thoughts,
> > >> but I don't see any reason they couldn't share the same repository.
> > >>
> > >> That said though, does putting it all into the Cluster Configuration
> > >> Manager (CCM) make it so that you can only have security if you are
> > using
> > >> CCM for configuration?
> > >>
> > >>
> > >> --
> > >> Mike Stolz
> > >> Principal Engineer, GemFire Product Manager
> > >> Mobile: 631-835-4771
> > >>
> > >> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io>
> wrote:
> > >>
> > >> Hi, All,
> > >>>
> > >>> I am working on this ticket:
> > >>> https://issues.apache.org/jira/browse/GEODE-1659. Basically,
> > currently,
> > >>> any
> > >>> member(locator or server) needs to specify its own security-manager
> in
> > >>> order to protect its data which could leads to misconfiguration and
> > data
> > >>> leak. So we would like to put it into the cluster configuration so
> any
> > >>> member who wants to join the cluster will need to apply the same
> > security
> > >>> measures.
> > >>>
> > >>> Now Here is my question, should we only put the "security-manager"
> and
> > >>> "security-post-processor" in the cluster config or any "security-*"
> > >>> settings, which include SSL settings as well.
> > >>>
> > >>> Thanks!
> > >>>
> > >>> --
> > >>> Cheers
> > >>>
> > >>> Jinmei
> > >>>
> > >>>
> > >
> >
> >
> > --
> > Cheers
> >
> > Jinmei
> >
>
>
>
> --
> -John
> 503-504-8657
> john.blum10101 (skype)
>

Re: security properties in the cluster config

Posted by John Blum <jb...@pivotal.io>.

Jinmei-

Where are the following security-* properties documented?

security-udp-dhalgo

security-manager

security-post-processor

They certainly are not documented in the (Geode) User Docs, here
<http://geode.docs.pivotal.io/docs/reference/topics/gemfire_properties.html>
 [1].

Thanks!
John

[1]
http://geode.docs.pivotal.io/docs/reference/topics/gemfire_properties.html



On Mon, Sep 26, 2016 at 8:42 AM, Jinmei Liao <ji...@pivotal.io> wrote:

> Actually, I looked into the the config settings, these are the list of
> settings that begin with security-. SSL settings are not there. The
> security-client-* and security-peer-* are deprecated, so they don't need to
> be in the cluster config. What about the udp-dhalgo and log-file and
> log-level? Does it hurt to put them in the cluster-config?
>
> "security-client-authenticator";
>
> "security-client-accessor";
>
> "security-client-accessor-pp";
>
> "security-client-auth-init";
>
> "security-client-dhalgo";
>
> "security-peer-auth-init";
>
> "security-peer-authenticator";
>
> "security-peer-verifymember-timeout";
>
> "security-udp-dhalgo";
>
> "security-log-file";
>
> "security-log-level";
>
> "security-manager";
>
> "security-post-processor";
>
>
>
>
>
>
>
> On Fri, Sep 23, 2016 at 12:41 PM, Bruce Schuchardt <bschuchardt@pivotal.io
> >
> wrote:
>
> > SSL settings and the new UDP dhAlgo setting can't be in the cluster
> > config.  The cluster config is received over TCP/IP so you would have to
> > use unsecured information to retrieve the settings, and you'd have to do
> it
> > before the cache is created.
> >
> > Does the security-manager have any role to play prior to the cache being
> > created?   For instance, is it involved in authenticating the receipt of
> a
> > new membership view or a join request in GMSAuthenticator?  If so you
> can't
> > store it in the cluster config, which is only retrieved later on during
> > cache creation.
> >
> >
> >
> > Le 9/23/2016 à 11:57 AM, Michael Stolz a écrit :
> >
> >> I am in favor of keeping the SSL thoughts separate from the RBAC
> thoughts,
> >> but I don't see any reason they couldn't share the same repository.
> >>
> >> That said though, does putting it all into the Cluster Configuration
> >> Manager (CCM) make it so that you can only have security if you are
> using
> >> CCM for configuration?
> >>
> >>
> >> --
> >> Mike Stolz
> >> Principal Engineer, GemFire Product Manager
> >> Mobile: 631-835-4771
> >>
> >> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io> wrote:
> >>
> >> Hi, All,
> >>>
> >>> I am working on this ticket:
> >>> https://issues.apache.org/jira/browse/GEODE-1659. Basically,
> currently,
> >>> any
> >>> member(locator or server) needs to specify its own security-manager in
> >>> order to protect its data which could leads to misconfiguration and
> data
> >>> leak. So we would like to put it into the cluster configuration so any
> >>> member who wants to join the cluster will need to apply the same
> security
> >>> measures.
> >>>
> >>> Now Here is my question, should we only put the "security-manager" and
> >>> "security-post-processor" in the cluster config or any "security-*"
> >>> settings, which include SSL settings as well.
> >>>
> >>> Thanks!
> >>>
> >>> --
> >>> Cheers
> >>>
> >>> Jinmei
> >>>
> >>>
> >
>
>
> --
> Cheers
>
> Jinmei
>



-- 
-John
503-504-8657
john.blum10101 (skype)

Re: security properties in the cluster config

Posted by Jinmei Liao <ji...@pivotal.io>.

Actually, I looked into the the config settings, these are the list of
settings that begin with security-. SSL settings are not there. The
security-client-* and security-peer-* are deprecated, so they don't need to
be in the cluster config. What about the udp-dhalgo and log-file and
log-level? Does it hurt to put them in the cluster-config?

"security-client-authenticator";

"security-client-accessor";

"security-client-accessor-pp";

"security-client-auth-init";

"security-client-dhalgo";

"security-peer-auth-init";

"security-peer-authenticator";

"security-peer-verifymember-timeout";

"security-udp-dhalgo";

"security-log-file";

"security-log-level";

"security-manager";

"security-post-processor";







On Fri, Sep 23, 2016 at 12:41 PM, Bruce Schuchardt <bs...@pivotal.io>
wrote:

> SSL settings and the new UDP dhAlgo setting can't be in the cluster
> config.  The cluster config is received over TCP/IP so you would have to
> use unsecured information to retrieve the settings, and you'd have to do it
> before the cache is created.
>
> Does the security-manager have any role to play prior to the cache being
> created?   For instance, is it involved in authenticating the receipt of a
> new membership view or a join request in GMSAuthenticator?  If so you can't
> store it in the cluster config, which is only retrieved later on during
> cache creation.
>
>
>
> Le 9/23/2016 à 11:57 AM, Michael Stolz a écrit :
>
>> I am in favor of keeping the SSL thoughts separate from the RBAC thoughts,
>> but I don't see any reason they couldn't share the same repository.
>>
>> That said though, does putting it all into the Cluster Configuration
>> Manager (CCM) make it so that you can only have security if you are using
>> CCM for configuration?
>>
>>
>> --
>> Mike Stolz
>> Principal Engineer, GemFire Product Manager
>> Mobile: 631-835-4771
>>
>> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io> wrote:
>>
>> Hi, All,
>>>
>>> I am working on this ticket:
>>> https://issues.apache.org/jira/browse/GEODE-1659. Basically, currently,
>>> any
>>> member(locator or server) needs to specify its own security-manager in
>>> order to protect its data which could leads to misconfiguration and data
>>> leak. So we would like to put it into the cluster configuration so any
>>> member who wants to join the cluster will need to apply the same security
>>> measures.
>>>
>>> Now Here is my question, should we only put the "security-manager" and
>>> "security-post-processor" in the cluster config or any "security-*"
>>> settings, which include SSL settings as well.
>>>
>>> Thanks!
>>>
>>> --
>>> Cheers
>>>
>>> Jinmei
>>>
>>>
>


-- 
Cheers

Jinmei

Re: security properties in the cluster config

Posted by Bruce Schuchardt <bs...@pivotal.io>.

SSL settings and the new UDP dhAlgo setting can't be in the cluster 
config.  The cluster config is received over TCP/IP so you would have to 
use unsecured information to retrieve the settings, and you'd have to do 
it before the cache is created.

Does the security-manager have any role to play prior to the cache being 
created?   For instance, is it involved in authenticating the receipt of 
a new membership view or a join request in GMSAuthenticator?  If so you 
can't store it in the cluster config, which is only retrieved later on 
during cache creation.

Le 9/23/2016 � 11:57 AM, Michael Stolz a �crit :
> I am in favor of keeping the SSL thoughts separate from the RBAC thoughts,
> but I don't see any reason they couldn't share the same repository.
>
> That said though, does putting it all into the Cluster Configuration
> Manager (CCM) make it so that you can only have security if you are using
> CCM for configuration?
>
>
> --
> Mike Stolz
> Principal Engineer, GemFire Product Manager
> Mobile: 631-835-4771
>
> On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io> wrote:
>
>> Hi, All,
>>
>> I am working on this ticket:
>> https://issues.apache.org/jira/browse/GEODE-1659. Basically, currently,
>> any
>> member(locator or server) needs to specify its own security-manager in
>> order to protect its data which could leads to misconfiguration and data
>> leak. So we would like to put it into the cluster configuration so any
>> member who wants to join the cluster will need to apply the same security
>> measures.
>>
>> Now Here is my question, should we only put the "security-manager" and
>> "security-post-processor" in the cluster config or any "security-*"
>> settings, which include SSL settings as well.
>>
>> Thanks!
>>
>> --
>> Cheers
>>
>> Jinmei
>>

Re: security properties in the cluster config

Posted by Michael Stolz <ms...@pivotal.io>.

I am in favor of keeping the SSL thoughts separate from the RBAC thoughts,
but I don't see any reason they couldn't share the same repository.

That said though, does putting it all into the Cluster Configuration
Manager (CCM) make it so that you can only have security if you are using
CCM for configuration?

--
Mike Stolz
Principal Engineer, GemFire Product Manager
Mobile: 631-835-4771

On Fri, Sep 23, 2016 at 1:48 PM, Jinmei Liao <ji...@pivotal.io> wrote:

> Hi, All,
>
> I am working on this ticket:
> https://issues.apache.org/jira/browse/GEODE-1659. Basically, currently,
> any
> member(locator or server) needs to specify its own security-manager in
> order to protect its data which could leads to misconfiguration and data
> leak. So we would like to put it into the cluster configuration so any
> member who wants to join the cluster will need to apply the same security
> measures.
>
> Now Here is my question, should we only put the "security-manager" and
> "security-post-processor" in the cluster config or any "security-*"
> settings, which include SSL settings as well.
>
> Thanks!
>
> --
> Cheers
>
> Jinmei
>