  1. JOC - JobScheduler Operations Center
  2. JOC-690

JOC Cockpit should support hashed passwords for keyStorePassword, keyManagerPassword, and trustStorePassword

    Details

    • Type: Feature
    • Status: Dismissed
    • Priority: Major
    • Resolution: Works as designed
    • Affects Version/s: None
    • Fix Version/s: 1.12.9
    • Component/s: None
    • Labels:
      None

      Description

      Current Situation

      • The JOC Cockpit HTTPS authentication requires adding keystore and truststore passwords to access the keystore or private keys in the JETTY_BASE/start.ini file. These passwords are stored in the configuration files as plain text. To make the passwords secure, it should accept hashed passwords.
      • Hashed passwords are accepted and can be used in the /Scheduler_DATA/config/private/private.conf file when we set up authentication for the JobScheduler Master web service, like:
        jobscheduler.master.auth.users {
        JOBSCHEDULER_ID = "HASH_SCHEME:HASHED_PASSWORD"
        }
        
      • Hashed passwords are also accepted and can be used in <agent_data>/config/private when we set up authentication between Master and Agent:
        jobscheduler.agent.auth.users {
        JOBSCHEDULER_ID = "HASH_SCHEME:HASHED_PASSWORD"
        }
        
      • Hashed passwords are not accepted by JOC Cockpit when used while configuring Jetty. The Jetty documentation confirms that Jetty can be configured with hashed passwords using the parameters
        jetty.sslContext.keyStorePassword, jetty.sslContext.keyManagerPassword, and jetty.sslContext.trustStorePassword.
      • When Jetty is configured with hashed passwords, JOC Cockpit throws the exception "java.security.PrivilegedActionException: java.io.IOException: Keystore was tampered with, or password was incorrect". Refer to the attached 2019_03_07.stderrout.log file for more details.

      Desired Behavior

      • JOC Cockpit should also support hashed passwords when configuring Jetty, as accepted by JobScheduler Master, Agent and even in JOC Cockpit when used in JETTY_BASE/resources/joc/shiro.ini.

            People

            • Assignee:
              oh Oliver Haufe
              Reporter:
              Kanika-Agrawal Kanika Agrawal
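Why the two cases in the description behave differently, as an added Python sketch (not JobScheduler, JOC Cockpit or Jetty code): a login check like the users entries in private.conf only has to compare hashes, while opening a JKS keystore needs the original password because the store's integrity digest is computed from it. The JKS layout is the standard one; the empty store, the sample password and the `sha512` scheme name are constructed assumptions.

```python
import hashlib
import hmac
import struct

JKS_MAGIC = 0xFEEDFEED
JKS_SALT = b"Mighty Aphrodite"  # fixed string the JKS format mixes into its digest

def jks_digest(password: str, body: bytes) -> bytes:
    """SHA-1 over UTF-16BE password + fixed salt + store body (JKS integrity check)."""
    return hashlib.sha1(password.encode("utf-16-be") + JKS_SALT + body).digest()

def build_empty_jks(password: str) -> bytes:
    """Constructed sample: a JKS store with zero entries, sealed with `password`."""
    body = struct.pack(">III", JKS_MAGIC, 2, 0)  # magic, version 2, entry count 0
    return body + jks_digest(password, body)

def open_jks(store: bytes, supplied: str) -> int:
    """Recompute the trailing digest from the supplied password; return entry count."""
    body, stored = store[:-20], store[-20:]
    magic, version, count = struct.unpack(">III", body[:12])
    if magic != JKS_MAGIC or version != 2:
        raise ValueError("not a JKS version 2 store")
    if not hmac.compare_digest(jks_digest(supplied, body), stored):
        raise IOError("Keystore was tampered with, or password was incorrect")
    return count

def verify_login(config_value: str, presented: str) -> bool:
    """Login check against 'SCHEME:HEX': hash what the client sent, then compare."""
    scheme, _, hexdigest = config_value.partition(":")
    candidate = hashlib.new(scheme, presented.encode()).hexdigest()
    return hmac.compare_digest(candidate, hexdigest)

def try_open(store: bytes, supplied: str) -> str:
    """Return 'ok' or the loader's error text for the supplied password string."""
    try:
        open_jks(store, supplied)
        return "ok"
    except IOError as exc:
        return str(exc)

PLAINTEXT = "sample-store-secret"  # constructed sample password
HASHED = "sha512:" + hashlib.sha512(PLAINTEXT.encode()).hexdigest()  # assumed scheme name
STORE = build_empty_jks(PLAINTEXT)

if __name__ == "__main__":
    print("login with hash in config:", verify_login(HASHED, PLAINTEXT))
    print("keystore with plaintext:  ", try_open(STORE, PLAINTEXT))
    print("keystore with hash string:", try_open(STORE, HASHED))
```

The last call fails with the same message as the exception quoted in the description: the hash string is simply treated as a different password, and the digest no longer matches.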