[JS-1631] Agent restricts access to authenticated users - SOS JIRA

XML

Word

Printable

Details

Type: Feature
Status: Released (View Workflow)
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.10.5, 1.11
Component/s: JS Universal Agent
Labels:
- master-agent-security
- web-service

Description

Desired Behavior

The Agent HTTPS web services are only accessible to authenticated users.

The credentials are read from data-directory/config/private/private.conf where each user has an entry of the form
```
jobscheduler.agent.auth.users {
  _userName_ = "_hashScheme_:_hashedPassword_"
}
```

An example would be:

jobscheduler.agent.auth.users {
  a-scheduler = "plain:PASSWORD"
  b-scheduler = "sha512:130c7809c9e5a8d81347b55f5c82c3a7407f4b41b461eb641887d276b11af4b575c5a32d1cf104e531c700e4b1ddd75b27b9e849576f6dfb8ca42789fbc7ece2"  # "SHA512-PASSWORD"
}

A JobScheduler uses its Scheduler ID as its user name.

The Agent expects HTTP Basic Authentication.

Recommendations

Both hashing schemes, as you can see in the example above, "plain" and "sha512" are available. We recommend the latter as a more secure procedure in comparison to a plain text.

Attachments

Issue Links

is related to

JS-1670 Authentication and HTTPs for JobScheduler Master

Released

requires

JS-1628 HTTPS for Universal Agent, command line option -ip-address= replaced

Released

JS-1632 JobScheduler Master authenticates itself to Universal Agent

Released

mentioned in: Page Loading...

Activity

People

Assignee:: Joacim Zschimmer

Reporter:: Joacim Zschimmer

Approver:: Santiago Aucejo Petzoldt

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 10 June 2016 14:10

Updated:: 19 November 2016 08:16

Resolved:: 05 July 2016 14:43