Uploaded image for project: 'Ambari'
  1. Ambari
  2. AMBARI-20938

LDAPS connections to an Active Directory when enabling Kerberos should validate the server's SSL certificate

    XMLWordPrintableJSON

Details

    Description

      LDAPS connections to an Active Directory when enabling Kerberos should validate the server's SSL certificate. The current implementation skips validation checks to help avoid SSL issues; however this is not secure. Also the trusting SSL connection may not support the more secure SSL protocols - TLSv1.2.

      A flag in the ambari.properties file (kerberos.operation.verify.kdc.trust) should be available to allow for the user to select either a trusting SSL connection or a validating (non-trusting) SSL connection to be used. The default should be to use the standard (non-trusting) SSL connection.

      Attachments

        1. AMBARI-20938_branch-2.5_01.patch
          38 kB
          Robert Levas
        2. AMBARI-20938_trunk_01.patch
          35 kB
          Robert Levas

        Issue Links

          Activity

            People

              rlevas Robert Levas
              rlevas Robert Levas
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: