Posted to commits@knox.apache.org by su...@apache.org on 2015/04/08 22:40:18 UTC

knox git commit: KNOX-524 changed password hashing algorithm as per review

Repository: knox
Updated Branches:
  refs/heads/master 016a47dc6 -> 4f2b2dd8b


KNOX-524 changed password hashing algorithm as per review


Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/4f2b2dd8
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/4f2b2dd8
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/4f2b2dd8

Branch: refs/heads/master
Commit: 4f2b2dd8b791d6de2436bbf33b6b8dfdd1586096
Parents: 016a47d
Author: Sumit Gupta <su...@apache.org>
Authored: Wed Apr 8 16:39:28 2015 -0400
Committer: Sumit Gupta <su...@apache.org>
Committed: Wed Apr 8 16:39:28 2015 -0400

----------------------------------------------------------------------
 .../gateway/shirorealm/KnoxLdapRealm.java       |   2 +-
 .../templates/sandbox.knoxrealm.cacheon.xml     | 207 -------------------
 2 files changed, 1 insertion(+), 208 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/4f2b2dd8/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
----------------------------------------------------------------------
diff --git a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
index b18712d..c797c06 100644
--- a/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
+++ b/gateway-provider-security-shiro/src/main/java/org/apache/hadoop/gateway/shirorealm/KnoxLdapRealm.java
@@ -120,7 +120,7 @@ public class KnoxLdapRealm extends JndiLdapRealm {
 
     private final static String  MEMBER_URL = "memberUrl";
 
-    private static final String HASHING_ALGORITHM = "MD5";
+    private static final String HASHING_ALGORITHM = "SHA-1";
 
     static {
           SUBTREE_SCOPE.setSearchScope(SearchControls.SUBTREE_SCOPE);
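Review bot: `HASHING_ALGORITHM = "SHA-1"` swaps MD5 for another fast, general-purpose digest, so if this constant is what hashes passwords, as the commit title says, the resulting values remain cheap to test offline should they ever be exposed. The code that consumes the constant is outside this hunk, so whether a salt or an iteration count is applied cannot be confirmed from here. If neither is, prefer a salted, iterated scheme such as PBKDF2 via `SecretKeyFactory`, or at minimum `"SHA-256"` with a per-entry random salt and multiple iterations. The constant also deserves a comment stating what is hashed and where the value is kept, e.g. `// Digest for <what is hashed>; not a password KDF on its own, salt/iterations applied at <use site>`.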

http://git-wip-us.apache.org/repos/asf/knox/blob/4f2b2dd8/gateway-release/home/templates/sandbox.knoxrealm.cacheon.xml
----------------------------------------------------------------------
diff --git a/gateway-release/home/templates/sandbox.knoxrealm.cacheon.xml b/gateway-release/home/templates/sandbox.knoxrealm.cacheon.xml
deleted file mode 100644
index 43dd761..0000000
--- a/gateway-release/home/templates/sandbox.knoxrealm.cacheon.xml
+++ /dev/null
@@ -1,207 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<!--
-  Licensed to the Apache Software Foundation (ASF) under one or more
-  contributor license agreements.  See the NOTICE file distributed with
-  this work for additional information regarding copyright ownership.
-  The ASF licenses this file to You under the Apache License, Version 2.0
-  (the "License"); you may not use this file except in compliance with
-  the License.  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-<topology>
-
-    <gateway>
-
-        <provider>
-            <role>authentication</role>
-            <name>ShiroProvider</name>
-            <enabled>true</enabled>
-            <!-- 
-            session timeout in minutes,  this is really idle timeout,
-            defaults to 30mins, if the property value is not defined,, 
-            current client authentication would expire if client idles contiuosly for more than this value
-            -->
-            <!-- defaults to: 30 minutes
-            <param>
-                <name>sessionTimeout</name>
-                <value>30</value>
-            </param>
-            -->
-
-            <!--
-              Use single KnoxLdapRealm to do authentication and ldap group look up
-            -->
-            <param>
-              <name>main.ldapRealm</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapRealm</value>
-            </param>
-            <param>
-              <name>main.ldapGroupContextFactory</name>
-              <value>org.apache.hadoop.gateway.shirorealm.KnoxLdapContextFactory</value>
-            </param>
-            <param>
-              <name>main.ldapRealm.contextFactory</name>
-              <value>$ldapGroupContextFactory</value>
-            </param>
-            <!-- defaults to: simple
-            <param>
-              <name>main.ldapRealm.contextFactory.authenticationMechanism</name>
-              <value>simple</value>
-            </param>
-            -->
-            <param>
-              <name>main.ldapRealm.contextFactory.url</name>
-              <value>ldap://localhost:33389</value>
-            </param>
-            <param>
-              <name>main.ldapRealm.userDnTemplate</name>
-              <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
-            </param>
-
-            <param>
-              <name>main.ldapRealm.authorizationEnabled</name>
-              <!-- defaults to: false -->
-              <value>true</value>
-            </param>
-            <!-- defaults to: simple
-            <param>
-              <name>main.ldapRealm.contextFactory.systemAuthenticationMechanism</name>
-              <value>simple</value>
-            </param>
-            -->
-            <param>
-              <name>main.ldapRealm.searchBase</name>
-              <value>ou=groups,dc=hadoop,dc=apache,dc=org</value>
-            </param>
-            <!-- defaults to: groupOfNames
-            <param>
-              <name>main.ldapRealm.groupObjectClass</name>
-              <value>groupOfNames</value>
-            </param>
-            -->
-            <!-- defaults to: member
-            <param>
-              <name>main.ldapRealm.memberAttribute</name>
-              <value>member</value>
-            </param>
-            -->
-            <param>
-              <name>main.cacheManager</name>
-              <value>org.apache.shiro.cache.MemoryConstrainedCacheManager</value>
-            </param>
-            <param>
-              <name>main.securityManager.cacheManager</name>
-              <value>$cacheManager</value>
-            </param>
-            <param>
-                <name>main.ldapRealm.authenticationCachingEnabled</name>
-                <value>true</value>
-            </param>
-            <param>
-              <name>main.ldapRealm.memberAttributeValueTemplate</name>
-              <value>uid={0},ou=people,dc=hadoop,dc=apache,dc=org</value>
-            </param>
-            <param>
-              <name>main.ldapRealm.contextFactory.systemUsername</name>
-              <value>uid=guest,ou=people,dc=hadoop,dc=apache,dc=org</value>
-            </param>
-            <param>
-              <name>main.ldapRealm.contextFactory.systemPassword</name>
-              <value>guest-password</value>
-            </param>
-
-            <param>
-              <name>urls./**</name> 
-              <value>authcBasic</value>
-            </param>
-
-        </provider>
-
-        <provider>
-            <role>identity-assertion</role>
-            <name>Default</name>
-            <enabled>true</enabled>
-            <param>
-                <name>group.principal.mapping</name>
-                <value>*=users</value>
-            </param>
-        </provider>
-
-        <provider>
-          <role>authorization</role>
-          <name>AclsAuthz</name>
-          <enabled>true</enabled>
-          <param>
-            <name>webhdfs.acl</name>
-            <value>*;analyst;*</value>
-          </param>
-        </provider>
-
-        <!--
-        Defines rules for mapping host names internal to a Hadoop cluster to externally accessible host names.
-        For example, a hadoop service running in AWS may return a response that includes URLs containing the
-        some AWS internal host name.  If the client needs to make a subsequent request to the host identified
-        in those URLs they need to be mapped to external host names that the client Knox can use to connect.
-
-        If the external hostname and internal host names are same turn of this provider by setting the value of
-        enabled parameter as false.
-
-        The name parameter specifies the external host names in a comma separated list.
-        The value parameter specifies corresponding internal host names in a comma separated list.
-
-        Note that when you are using Sandbox, the external hostname needs to be localhost, as seen in out
-        of box sandbox.xml.  This is because Sandbox uses port mapping to allow clients to connect to the
-        Hadoop services using localhost.  In real clusters, external host names would almost never be localhost.
-        -->
-        <provider>
-            <role>hostmap</role>
-            <name>static</name>
-            <enabled>true</enabled>
-            <param><name>localhost</name><value>sandbox,sandbox.hortonworks.com</value></param>
-        </provider>
-
-    </gateway>
-
-    <service>
-        <role>NAMENODE</role>
-        <url>hdfs://localhost:8020</url>
-    </service>
-
-    <service>
-        <role>JOBTRACKER</role>
-        <url>rpc://localhost:8050</url>
-    </service>
-
-    <service>
-        <role>WEBHDFS</role>
-        <url>http://localhost:50070/webhdfs</url>
-    </service>
-
-    <service>
-        <role>WEBHCAT</role>
-        <url>http://localhost:50111/templeton</url>
-    </service>
-
-    <service>
-        <role>OOZIE</role>
-        <url>http://localhost:11000/oozie</url>
-    </service>
-
-    <service>
-        <role>WEBHBASE</role>
-        <url>http://localhost:60080</url>
-    </service>
-
-    <service>
-        <role>HIVE</role>
-        <url>http://localhost:10000</url>
-    </service>
-
-</topology>