You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kylin.apache.org by "Shaofeng SHI (JIRA)" <ji...@apache.org> on 2016/02/05 10:48:40 UTC

[jira] [Commented] (KYLIN-1401) Passwords in kylin.properties should be enctrypted

    [ https://issues.apache.org/jira/browse/KYLIN-1401?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15133912#comment-15133912 ] 

Shaofeng SHI commented on KYLIN-1401:
-------------------------------------

Thanks for the reporting; I have updated the website doc, it will be updated a little bit later.

PasswordPlaceholderConfigurer.java is also be udpated so user can run it to get the hashed password.



> Passwords in kylin.properties should be enctrypted
> --------------------------------------------------
>
>                 Key: KYLIN-1401
>                 URL: https://issues.apache.org/jira/browse/KYLIN-1401
>             Project: Kylin
>          Issue Type: Improvement
>          Components: Client - CLI
>    Affects Versions: v1.2
>            Reporter: Wu Xiang
>            Assignee: Shaofeng SHI
>             Fix For: 1.2
>
>
> When integrating LDAP authentication in Kylin, people might run into the following error message. One possible reason is that Kylin actually requires passwords in kylin.properties be encrypted.
> {quote}
> Invalid bean definition with name 'ldapSource' defined in class path resource \[kylinSecurity.xm\]: Input length must be multiple of 16 when decrypting with padded cipher
> {quote}
> Related code for passwords decryption is as follows:
> {code:title=PasswordPlaceholderConfigurer.java|borderStyle=solid}
>     protected String resolvePlaceholder(String placeholder, Properties props) {
>         if (placeholder.toLowerCase().contains("password")) {
>             return decrypt(props.getProperty(placeholder));
>         } else {
>             return props.getProperty(placeholder);
>         }
>     }
> {code}
> Related discussion in mailing list: [Link|http://mail-archives.apache.org/mod_mbox/kylin-user/201602.mbox/%3CCAJxfx2ANpe0rG1Vm1R_Sdh4XZuNP3FCswXmv1_xFUVSpdOkH_A%40mail.gmail.com%3E]
> In this ticket, I would propose a CLI tool for password encryption for Kylin, and add related documentation in [How to Enable Security with LDAP and SSO|http://kylin.apache.org/docs/howto/howto_ldap_and_sso.html]



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)