You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Zhiguo Wu (Jira)" <ji...@apache.org> on 2022/10/02 15:24:00 UTC
[jira] [Commented] (AMBARI-25141) LDAP password in cleartext in ldap-password.dat file after encrypting passwords
[ https://issues.apache.org/jira/browse/AMBARI-25141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17612129#comment-17612129 ]
Zhiguo Wu commented on AMBARI-25141:
------------------------------------
Thank [~smolnar] ! Would you like to create another PR for trunk branch ?
> LDAP password in cleartext in ldap-password.dat file after encrypting passwords
> -------------------------------------------------------------------------------
>
> Key: AMBARI-25141
> URL: https://issues.apache.org/jira/browse/AMBARI-25141
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.7.3
> Reporter: Sandor Molnar
> Assignee: Sandor Molnar
> Priority: Critical
> Labels: pull-request-available
> Fix For: 2.7.4
>
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> In 2.7.x we store LDAP password within its own file; however the content of that file is not encrypted even if password encryption is on. To approach this issue the following should be done:
> - in case password encryption is enabled we will encrypt the LDAP password in the credential store and write the corresponding CS alias in the LDAP password file (just like we do with other passwords inĀ {{ambari.properties}})
> - in case the password encryption is disabled we will write the raw password in the LDAP password file
> In both cases an additional level of security can be achieved by setting the appropriate user/group access on the file system to the LDAP password file.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@ambari.apache.org
For additional commands, e-mail: issues-help@ambari.apache.org