You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Sandor Molnar (JIRA)" <ji...@apache.org> on 2019/02/04 14:30:00 UTC
[jira] [Created] (AMBARI-25141) LDAP password in cleartext in
ldap-password.dat file after encrypting passwords
Sandor Molnar created AMBARI-25141:
--------------------------------------
Summary: LDAP password in cleartext in ldap-password.dat file after encrypting passwords
Key: AMBARI-25141
URL: https://issues.apache.org/jira/browse/AMBARI-25141
Project: Ambari
Issue Type: Bug
Components: ambari-server
Affects Versions: 2.7.3
Reporter: Sandor Molnar
Assignee: Sandor Molnar
Fix For: 2.7.4
In 2.7.x we store LDAP password within its own file; however the content of that file is not encrypted even if password encryption is on. To approach this issue the following should be done:
- in case password encryption is enabled we will encrypt the LDAP password in the credential store and write the corresponding CS alias in the LDAP password file (just like we do with other passwords inĀ {{ambari.properties}})
- in case the password encryption is disabled we will write the raw password in the LDAP password file
In both cases an additional level of security can be achieved by setting the appropriate user/group access on the file system to the LDAP password file.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)