From 2e67f4eb6baae687603e18ee93d5317461c37c57 Mon Sep 17 00:00:00 2001 From: Madhan Neethiraj Date: Thu, 23 Oct 2025 14:56:31 -0700 Subject: [PATCH 1/3] RANGER-5383: updated plugin install to support configurations for Kerberized Solr audit destination --- hbase-agent/conf/ranger-hbase-audit-changes.cfg | 10 ++++++++++ hbase-agent/scripts/install.properties | 10 ++++++++++ hdfs-agent/conf/ranger-hdfs-audit-changes.cfg | 10 ++++++++++ hdfs-agent/scripts/install.properties | 10 ++++++++++ hive-agent/conf/ranger-hive-audit-changes.cfg | 10 ++++++++++ hive-agent/scripts/install.properties | 10 ++++++++++ kms/scripts/install.properties | 10 ++++++++++ knox-agent/conf/ranger-knox-audit-changes.cfg | 10 ++++++++++ knox-agent/scripts/install.properties | 12 +++++++++++- plugin-atlas/scripts/install.properties | 10 ++++++++++ .../conf/ranger-elasticsearch-audit-changes.cfg | 10 ++++++++++ plugin-elasticsearch/scripts/install.properties | 10 ++++++++++ plugin-kafka/conf/ranger-kafka-audit-changes.cfg | 10 ++++++++++ plugin-kafka/scripts/install.properties | 12 +++++++++++- plugin-kms/conf/ranger-kms-audit-changes.cfg | 10 ++++++++++ plugin-kylin/conf/ranger-kylin-audit-changes.cfg | 10 ++++++++++ plugin-kylin/scripts/install.properties | 10 ++++++++++ plugin-ozone/conf/ranger-ozone-audit-changes.cfg | 10 ++++++++++ plugin-ozone/scripts/install.properties | 12 +++++++++++- plugin-presto/conf/ranger-presto-audit-changes.cfg | 10 ++++++++++ plugin-presto/scripts/install.properties | 10 ++++++++++ plugin-solr/conf/ranger-solr-audit-changes.cfg | 10 ++++++++++ plugin-solr/scripts/install.properties | 12 +++++++++++- plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg | 10 ++++++++++ plugin-sqoop/scripts/install.properties | 10 ++++++++++ plugin-trino/conf/ranger-trino-audit-changes.cfg | 10 ++++++++++ plugin-trino/scripts/install.properties | 10 ++++++++++ plugin-yarn/conf/ranger-yarn-audit-changes.cfg | 10 ++++++++++ plugin-yarn/scripts/install.properties | 10 ++++++++++ storm-agent/conf/ranger-storm-audit-changes.cfg | 10 ++++++++++ storm-agent/scripts/install.properties | 10 ++++++++++ 31 files changed, 314 insertions(+), 4 deletions(-) diff --git a/hbase-agent/conf/ranger-hbase-audit-changes.cfg b/hbase-agent/conf/ranger-hbase-audit-changes.cfg index a743db457d..15d19e5800 100644 --- a/hbase-agent/conf/ranger-hbase-audit-changes.cfg +++ b/hbase-agent/conf/ranger-hbase-audit-changes.cfg @@ -47,6 +47,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties index d105049127..ae2849ec41 100644 --- a/hbase-agent/scripts/install.properties +++ b/hbase-agent/scripts/install.properties @@ -55,6 +55,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hbase/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg b/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg index 8e0e158d72..49244c66bd 100644 --- a/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg +++ b/hdfs-agent/conf/ranger-hdfs-audit-changes.cfg @@ -44,6 +44,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/hdfs-agent/scripts/install.properties b/hdfs-agent/scripts/install.properties index 698638b72e..5aec809f30 100644 --- a/hdfs-agent/scripts/install.properties +++ b/hdfs-agent/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/hive-agent/conf/ranger-hive-audit-changes.cfg b/hive-agent/conf/ranger-hive-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/hive-agent/conf/ranger-hive-audit-changes.cfg +++ b/hive-agent/conf/ranger-hive-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties index e64e5e0c49..98d7248d5d 100644 --- a/hive-agent/scripts/install.properties +++ b/hive-agent/scripts/install.properties @@ -52,6 +52,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties index 5693741cc3..4f7b0dcf67 100755 --- a/kms/scripts/install.properties +++ b/kms/scripts/install.properties @@ -197,6 +197,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/knox-agent/conf/ranger-knox-audit-changes.cfg b/knox-agent/conf/ranger-knox-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/knox-agent/conf/ranger-knox-audit-changes.cfg +++ b/knox-agent/conf/ranger-knox-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/knox-agent/scripts/install.properties b/knox-agent/scripts/install.properties index cb1ccf80c8..c389713d89 100644 --- a/knox-agent/scripts/install.properties +++ b/knox-agent/scripts/install.properties @@ -47,6 +47,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/knox/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example @@ -173,4 +183,4 @@ CUSTOM_USER=knox # Custom component group # CUSTOM_COMPONENT_GROUP= # keep blank if component group is default -CUSTOM_GROUP=knox \ No newline at end of file +CUSTOM_GROUP=knox diff --git a/plugin-atlas/scripts/install.properties b/plugin-atlas/scripts/install.properties index c5b6eb882d..8f22977ea2 100644 --- a/plugin-atlas/scripts/install.properties +++ b/plugin-atlas/scripts/install.properties @@ -51,6 +51,16 @@ XAAUDIT.SOLR.URL=NONE XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/plugin-elasticsearch/conf/ranger-elasticsearch-audit-changes.cfg b/plugin-elasticsearch/conf/ranger-elasticsearch-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/plugin-elasticsearch/conf/ranger-elasticsearch-audit-changes.cfg +++ b/plugin-elasticsearch/conf/ranger-elasticsearch-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-elasticsearch/scripts/install.properties b/plugin-elasticsearch/scripts/install.properties index fb2b40b858..ea2a9f44f2 100644 --- a/plugin-elasticsearch/scripts/install.properties +++ b/plugin-elasticsearch/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/elasticsearch/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/plugin-kafka/conf/ranger-kafka-audit-changes.cfg b/plugin-kafka/conf/ranger-kafka-audit-changes.cfg index 94c2d24cac..1903d98ca6 100644 --- a/plugin-kafka/conf/ranger-kafka-audit-changes.cfg +++ b/plugin-kafka/conf/ranger-kafka-audit-changes.cfg @@ -38,6 +38,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-kafka/scripts/install.properties b/plugin-kafka/scripts/install.properties index 21f718b7f1..59949cf5a2 100644 --- a/plugin-kafka/scripts/install.properties +++ b/plugin-kafka/scripts/install.properties @@ -50,6 +50,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/kafka/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example @@ -175,4 +185,4 @@ CUSTOM_USER=kafka # Custom component group # CUSTOM_COMPONENT_GROUP= # keep blank if component group is default -CUSTOM_GROUP=hadoop \ No newline at end of file +CUSTOM_GROUP=hadoop diff --git a/plugin-kms/conf/ranger-kms-audit-changes.cfg b/plugin-kms/conf/ranger-kms-audit-changes.cfg index 50e52a1470..d13d202887 100644 --- a/plugin-kms/conf/ranger-kms-audit-changes.cfg +++ b/plugin-kms/conf/ranger-kms-audit-changes.cfg @@ -47,6 +47,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-kylin/conf/ranger-kylin-audit-changes.cfg b/plugin-kylin/conf/ranger-kylin-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/plugin-kylin/conf/ranger-kylin-audit-changes.cfg +++ b/plugin-kylin/conf/ranger-kylin-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-kylin/scripts/install.properties b/plugin-kylin/scripts/install.properties index 9d117ec365..7300a13f68 100644 --- a/plugin-kylin/scripts/install.properties +++ b/plugin-kylin/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/kylin/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/plugin-ozone/conf/ranger-ozone-audit-changes.cfg b/plugin-ozone/conf/ranger-ozone-audit-changes.cfg index a3e2382b2a..cc15921ccc 100644 --- a/plugin-ozone/conf/ranger-ozone-audit-changes.cfg +++ b/plugin-ozone/conf/ranger-ozone-audit-changes.cfg @@ -38,6 +38,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-ozone/scripts/install.properties b/plugin-ozone/scripts/install.properties index fcb74a93e6..45391d6d81 100644 --- a/plugin-ozone/scripts/install.properties +++ b/plugin-ozone/scripts/install.properties @@ -50,6 +50,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ozone/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example @@ -175,4 +185,4 @@ CUSTOM_USER=ozone # Custom component group # CUSTOM_COMPONENT_GROUP= # keep blank if component group is default -CUSTOM_GROUP=hadoop \ No newline at end of file +CUSTOM_GROUP=hadoop diff --git a/plugin-presto/conf/ranger-presto-audit-changes.cfg b/plugin-presto/conf/ranger-presto-audit-changes.cfg index 94c2d24cac..1903d98ca6 100644 --- a/plugin-presto/conf/ranger-presto-audit-changes.cfg +++ b/plugin-presto/conf/ranger-presto-audit-changes.cfg @@ -38,6 +38,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-presto/scripts/install.properties b/plugin-presto/scripts/install.properties index f8e8ac1782..d72403c8ac 100644 --- a/plugin-presto/scripts/install.properties +++ b/plugin-presto/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/presto/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/plugin-solr/conf/ranger-solr-audit-changes.cfg b/plugin-solr/conf/ranger-solr-audit-changes.cfg index 5ab43d6c1a..c40512f9df 100644 --- a/plugin-solr/conf/ranger-solr-audit-changes.cfg +++ b/plugin-solr/conf/ranger-solr-audit-changes.cfg @@ -39,6 +39,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties index 1c292f1338..f54cce710d 100644 --- a/plugin-solr/scripts/install.properties +++ b/plugin-solr/scripts/install.properties @@ -50,6 +50,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/solr/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example @@ -175,4 +185,4 @@ CUSTOM_USER=solr # Custom component group # CUSTOM_COMPONENT_GROUP= # keep blank if component group is default -CUSTOM_GROUP=solr \ No newline at end of file +CUSTOM_GROUP=solr diff --git a/plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg b/plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg +++ b/plugin-sqoop/conf/ranger-sqoop-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-sqoop/scripts/install.properties b/plugin-sqoop/scripts/install.properties index 33d8813a88..d4b3b8114a 100644 --- a/plugin-sqoop/scripts/install.properties +++ b/plugin-sqoop/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/sqoop/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/plugin-trino/conf/ranger-trino-audit-changes.cfg b/plugin-trino/conf/ranger-trino-audit-changes.cfg index 94c2d24cac..1903d98ca6 100644 --- a/plugin-trino/conf/ranger-trino-audit-changes.cfg +++ b/plugin-trino/conf/ranger-trino-audit-changes.cfg @@ -38,6 +38,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-trino/scripts/install.properties b/plugin-trino/scripts/install.properties index 469b098c51..4e7d806e69 100644 --- a/plugin-trino/scripts/install.properties +++ b/plugin-trino/scripts/install.properties @@ -51,6 +51,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/trino/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/plugin-yarn/conf/ranger-yarn-audit-changes.cfg b/plugin-yarn/conf/ranger-yarn-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/plugin-yarn/conf/ranger-yarn-audit-changes.cfg +++ b/plugin-yarn/conf/ranger-yarn-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/plugin-yarn/scripts/install.properties b/plugin-yarn/scripts/install.properties index f7eb036144..bacf63c13d 100644 --- a/plugin-yarn/scripts/install.properties +++ b/plugin-yarn/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/yarn/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example diff --git a/storm-agent/conf/ranger-storm-audit-changes.cfg b/storm-agent/conf/ranger-storm-audit-changes.cfg index ec98baf3aa..651372d3ee 100644 --- a/storm-agent/conf/ranger-storm-audit-changes.cfg +++ b/storm-agent/conf/ranger-storm-audit-changes.cfg @@ -45,6 +45,16 @@ xasecure.audit.destination.solr.user %XAAUDIT.SOLR.USER% mod create-if-not-exist xasecure.audit.destination.solr.password %XAAUDIT.SOLR.PASSWORD% mod create-if-not-exists xasecure.audit.destination.solr.zookeepers %XAAUDIT.SOLR.ZOOKEEPER% mod create-if-not-exists xasecure.audit.destination.solr.batch.filespool.dir %XAAUDIT.SOLR.FILE_SPOOL_DIR% mod create-if-not-exists +xasecure.audit.destination.solr.force.use.inmemory.jaas.config %XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG% mod create-if-not-exists + +xasecure.audit.jaas.Client.loginModuleName %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.loginModuleControlFlag %XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useKeyTab %XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.storeKey %XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY% mod create-if-not-exists +xasecure.audit.jaas.Client.option.useTicketCache %XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE% mod create-if-not-exists +xasecure.audit.jaas.Client.option.serviceName %XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME% mod create-if-not-exists +xasecure.audit.jaas.Client.option.keyTab %XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB% mod create-if-not-exists +xasecure.audit.jaas.Client.option.principal %XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL% mod create-if-not-exists xasecure.audit.destination.elasticsearch %XAAUDIT.ELASTICSEARCH.ENABLE% mod create-if-not-exists xasecure.audit.destination.elasticsearch.urls %XAAUDIT.ELASTICSEARCH.URL% mod create-if-not-exists diff --git a/storm-agent/scripts/install.properties b/storm-agent/scripts/install.properties index 58be387f1e..83cd47449b 100644 --- a/storm-agent/scripts/install.properties +++ b/storm-agent/scripts/install.properties @@ -49,6 +49,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/storm/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM # Enable audit logs to ElasticSearch #Example From f6be92f8b4a322b5a84cc444a4a11be435cd2209 Mon Sep 17 00:00:00 2001 From: Madhan Neethiraj Date: Fri, 24 Oct 2025 11:04:12 -0700 Subject: [PATCH 2/3] RANGER-5383: added the new configurations to install.properties of plugins --- .../ozone/ranger-ozone-plugin-install.properties | 10 ++++++++++ .../ranger-hbase-plugin-install.properties | 10 ++++++++++ .../ranger-hdfs-plugin-install.properties | 10 ++++++++++ .../ranger-hive-plugin-install.properties | 10 ++++++++++ .../ranger-kafka-plugin-install.properties | 10 ++++++++++ .../ranger-knox-plugin-install.properties | 10 ++++++++++ .../ranger-trino-plugin-install.properties | 10 ++++++++++ .../ranger-yarn-plugin-install.properties | 10 ++++++++++ hbase-agent/scripts/install.properties | 16 ++++++++-------- hdfs-agent/scripts/install.properties | 16 ++++++++-------- hive-agent/scripts/install.properties | 16 ++++++++-------- kms/scripts/install.properties | 16 ++++++++-------- knox-agent/scripts/install.properties | 16 ++++++++-------- plugin-atlas/scripts/install.properties | 16 ++++++++-------- plugin-elasticsearch/scripts/install.properties | 16 ++++++++-------- plugin-kafka/scripts/install.properties | 16 ++++++++-------- plugin-kylin/scripts/install.properties | 16 ++++++++-------- plugin-ozone/scripts/install.properties | 16 ++++++++-------- plugin-presto/scripts/install.properties | 16 ++++++++-------- plugin-solr/scripts/install.properties | 16 ++++++++-------- plugin-sqoop/scripts/install.properties | 16 ++++++++-------- plugin-trino/scripts/install.properties | 16 ++++++++-------- plugin-yarn/scripts/install.properties | 16 ++++++++-------- storm-agent/scripts/install.properties | 16 ++++++++-------- 24 files changed, 208 insertions(+), 128 deletions(-) diff --git a/dev-support/ranger-docker/config/ozone/ranger-ozone-plugin-install.properties b/dev-support/ranger-docker/config/ozone/ranger-ozone-plugin-install.properties index b0e4ee1955..4fc7b9991c 100644 --- a/dev-support/ranger-docker/config/ozone/ranger-ozone-plugin-install.properties +++ b/dev-support/ranger-docker/config/ozone/ranger-ozone-plugin-install.properties @@ -46,6 +46,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ozone/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties index 11734b3d24..b33f97ff84 100644 --- a/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-hbase-plugin-install.properties @@ -48,6 +48,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hbase/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties index 83b171025d..4642b67e7d 100644 --- a/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-hdfs-plugin-install.properties @@ -45,6 +45,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties index 1a5dde9ae3..70c49cd31f 100644 --- a/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-hive-plugin-install.properties @@ -46,6 +46,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties index fb9900c156..7f888151eb 100644 --- a/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-kafka-plugin-install.properties @@ -48,6 +48,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/kafka/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties index 2e05ddafe2..7c6531d584 100644 --- a/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-knox-plugin-install.properties @@ -45,6 +45,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/knox/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-trino-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-trino-plugin-install.properties index 8446f9383e..cf46842e38 100644 --- a/dev-support/ranger-docker/scripts/ranger-trino-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-trino-plugin-install.properties @@ -47,6 +47,16 @@ XAAUDIT.SOLR.USER=solr XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/trino/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch XAAUDIT.ELASTICSEARCH.ENABLE=false diff --git a/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties b/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties index 52ebb83df0..a61a898965 100644 --- a/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties +++ b/dev-support/ranger-docker/scripts/ranger-yarn-plugin-install.properties @@ -45,6 +45,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/yarn/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/hbase-agent/scripts/install.properties b/hbase-agent/scripts/install.properties index ae2849ec41..4ad1269b02 100644 --- a/hbase-agent/scripts/install.properties +++ b/hbase-agent/scripts/install.properties @@ -57,14 +57,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hbase/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/hdfs-agent/scripts/install.properties b/hdfs-agent/scripts/install.properties index 5aec809f30..fedecc1d25 100644 --- a/hdfs-agent/scripts/install.properties +++ b/hdfs-agent/scripts/install.properties @@ -51,14 +51,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/hdfs/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/hive-agent/scripts/install.properties b/hive-agent/scripts/install.properties index 98d7248d5d..4d8976b6d8 100644 --- a/hive-agent/scripts/install.properties +++ b/hive-agent/scripts/install.properties @@ -54,14 +54,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/kms/scripts/install.properties b/kms/scripts/install.properties index 4f7b0dcf67..499ebbaece 100755 --- a/kms/scripts/install.properties +++ b/kms/scripts/install.properties @@ -199,14 +199,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ranger/kms/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/knox-agent/scripts/install.properties b/knox-agent/scripts/install.properties index c389713d89..d4cfa5202b 100644 --- a/knox-agent/scripts/install.properties +++ b/knox-agent/scripts/install.properties @@ -49,14 +49,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/knox/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-atlas/scripts/install.properties b/plugin-atlas/scripts/install.properties index 8f22977ea2..fdcdbd3ec2 100644 --- a/plugin-atlas/scripts/install.properties +++ b/plugin-atlas/scripts/install.properties @@ -53,14 +53,14 @@ XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-elasticsearch/scripts/install.properties b/plugin-elasticsearch/scripts/install.properties index ea2a9f44f2..971b7c7970 100644 --- a/plugin-elasticsearch/scripts/install.properties +++ b/plugin-elasticsearch/scripts/install.properties @@ -51,14 +51,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/elasticsearch/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-kafka/scripts/install.properties b/plugin-kafka/scripts/install.properties index 59949cf5a2..12736c5b7c 100644 --- a/plugin-kafka/scripts/install.properties +++ b/plugin-kafka/scripts/install.properties @@ -52,14 +52,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/kafka/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-kylin/scripts/install.properties b/plugin-kylin/scripts/install.properties index 7300a13f68..e807b483ee 100644 --- a/plugin-kylin/scripts/install.properties +++ b/plugin-kylin/scripts/install.properties @@ -51,14 +51,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/kylin/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-ozone/scripts/install.properties b/plugin-ozone/scripts/install.properties index 45391d6d81..9285505a0c 100644 --- a/plugin-ozone/scripts/install.properties +++ b/plugin-ozone/scripts/install.properties @@ -52,14 +52,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/ozone/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-presto/scripts/install.properties b/plugin-presto/scripts/install.properties index d72403c8ac..fa3984a1ea 100644 --- a/plugin-presto/scripts/install.properties +++ b/plugin-presto/scripts/install.properties @@ -51,14 +51,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/presto/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-solr/scripts/install.properties b/plugin-solr/scripts/install.properties index f54cce710d..fb85fb2cbd 100644 --- a/plugin-solr/scripts/install.properties +++ b/plugin-solr/scripts/install.properties @@ -52,14 +52,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/solr/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-sqoop/scripts/install.properties b/plugin-sqoop/scripts/install.properties index d4b3b8114a..23c9545fc6 100644 --- a/plugin-sqoop/scripts/install.properties +++ b/plugin-sqoop/scripts/install.properties @@ -51,14 +51,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/sqoop/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-trino/scripts/install.properties b/plugin-trino/scripts/install.properties index 4e7d806e69..945ff26a4e 100644 --- a/plugin-trino/scripts/install.properties +++ b/plugin-trino/scripts/install.properties @@ -53,14 +53,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/trino/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/plugin-yarn/scripts/install.properties b/plugin-yarn/scripts/install.properties index bacf63c13d..c0be7ea403 100644 --- a/plugin-yarn/scripts/install.properties +++ b/plugin-yarn/scripts/install.properties @@ -51,14 +51,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hadoop/yarn/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example diff --git a/storm-agent/scripts/install.properties b/storm-agent/scripts/install.properties index 83cd47449b..80a1ba0929 100644 --- a/storm-agent/scripts/install.properties +++ b/storm-agent/scripts/install.properties @@ -51,14 +51,14 @@ XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/storm/audit/solr/spool XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=com.sun.security.auth.module.Krb5LoginModule -XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=required -XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=true -XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=true -XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=false -XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=serviceName -XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=/path/to/service.keytab -XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=principal/hostname@REALM +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% # Enable audit logs to ElasticSearch #Example From a2bef57cf6ad94d7dc7cedae002ea981e2f2e214 Mon Sep 17 00:00:00 2001 From: Madhan Neethiraj Date: Mon, 27 Oct 2025 22:08:17 -0700 Subject: [PATCH 3/3] RANGER-5383: updated docker setup properties for KMS plugin --- .../scripts/ranger-kms-install-mysql.properties | 10 ++++++++++ .../scripts/ranger-kms-install-oracle.properties | 10 ++++++++++ .../scripts/ranger-kms-install-postgres.properties | 10 ++++++++++ .../scripts/ranger-kms-install-sqlserver.properties | 10 ++++++++++ 4 files changed, 40 insertions(+) diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties index ed7ab2d82a..ae62c50e29 100755 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-mysql.properties @@ -163,6 +163,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties index 33097eb404..84286f0f99 100755 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-oracle.properties @@ -163,6 +163,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties index 35a3690078..d99f3ec8cf 100755 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-postgres.properties @@ -163,6 +163,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE diff --git a/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties b/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties index 04c96989be..2fb6a8aa52 100644 --- a/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties +++ b/dev-support/ranger-docker/scripts/ranger-kms-install-sqlserver.properties @@ -162,6 +162,16 @@ XAAUDIT.SOLR.USER=NONE XAAUDIT.SOLR.PASSWORD=NONE XAAUDIT.SOLR.ZOOKEEPER=NONE XAAUDIT.SOLR.FILE_SPOOL_DIR=/var/log/hive/audit/solr/spool +XAAUDIT.SOLR.USE_INMEMORY_JAAS_CFG=false + +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.LOGIN_MODULE_CONTROL_FLAG=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.STORE_KEY=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.USE_TICKET_CACHE=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.SERVICE_NAME=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.KEY_TAB=%EMPTY% +XAAUDIT.JAAS.CLIENT.OPTION.PRINCIPAL=%EMPTY% XAAUDIT.ELASTICSEARCH.ENABLE=false XAAUDIT.ELASTICSEARCH.URL=NONE