Details
- Feature
- Status: Dismissed
- Major
- Resolution: Works as designed
Description
Current Situation
- The JOC Cockpit HTTPS authentication requires adding keystore and truststore passwords to the JETTY_BASE/start.ini file to access the keystore or private keys. These passwords are stored in the configuration files as plain text. To make the passwords secure, it should accept hashed passwords.
- Hashed passwords are accepted and can be used in the /Scheduler_DATA/config/private/private.conf file when we set up authentication for the JobScheduler Master web service, like:
jobscheduler.master.auth.users { JOBSCHEDULER_ID = "HASH_SCHEME:HASHED_PASSWORD" }
- Hashed passwords are also accepted and can be used in <agent_data>/config/private when we set up authentication between Master and Agent.
jobscheduler.agent.auth.users { JOBSCHEDULER_ID = "HASH_SCHEME:HASHED_PASSWORD" }
- Hashed passwords used while configuring Jetty are not accepted by JOC Cockpit. The Jetty documentation confirms that Jetty can configure hash passwords with the parameters jetty.sslContext.keyStorePassword, jetty.sslContext.keyManagerPassword, and jetty.sslContext.trustStorePassword.
- When Jetty is configured with hashed passwords, JOC Cockpit throws the exception "java.security.PrivilegedActionException: java.io.IOException: Keystore was tampered with, or password was incorrect". Refer to the attached 2019_03_07.stderrout.log file for more details.
Desired Behavior
- The JOC Cockpit should also support hash passwords while configuring Jetty as accepted by JobScheduler Master, Agent and even in JOC Cockpit when used in JETTY_BASE/resources/joc/shiro.ini.
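
The exception quoted under Current Situation can be reproduced in isolation with the following added example (not code from JOC Cockpit, Jetty or the reporter): a login check only compares hashes, while opening a Java keystore recomputes an integrity digest from the password itself, so a hash string is treated as a wrong password. The JKS keystore type, the `sha512:` prefix and the sample password are assumptions constructed for the illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.MessageDigest;

public class KeystorePasswordDemo {
    // Hex-encoded SHA-512 of a password, as a login verifier would store it.
    static String sha512Hex(String s) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-512").digest(s.getBytes(StandardCharsets.UTF_8));
        StringBuilder sb = new StringBuilder();
        for (byte b : d) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // Returns null if the keystore opens with this string, otherwise the error text.
    static String tryOpen(byte[] store, String password) throws Exception {
        try {
            KeyStore.getInstance("JKS").load(new ByteArrayInputStream(store), password.toCharArray());
            return null;
        } catch (IOException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String plain = "constructed-demo-secret";      // constructed sample value
        String hashed = "sha512:" + sha512Hex(plain);  // constructed HASH_SCHEME:HASHED_PASSWORD form

        // Build an empty in-memory keystore protected by the plaintext password.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, plain.toCharArray());
        byte[] store = out.toByteArray();

        // Login-style check: the verifier hashes the submitted password and
        // compares it with the stored hash, so the plaintext is never stored.
        String submitted = "sha512:" + sha512Hex(plain);
        boolean loginOk = MessageDigest.isEqual(hashed.getBytes(StandardCharsets.UTF_8),
                                                submitted.getBytes(StandardCharsets.UTF_8));
        System.out.println("login check against stored hash passes: " + loginOk);

        // Keystore check: the integrity digest is keyed with the password itself,
        // so the configured value must be the password, not a hash of it.
        System.out.println("open with plaintext, error: " + tryOpen(store, plain));
        System.out.println("open with hash string, error: " + tryOpen(store, hashed));
    }
}
```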