  1. CDH (READ-ONLY)
  2. DISTRO-852

Activity Monitor Web UI encryption and authentication

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: CDH 5.8.2
    • Fix Version/s: None
    • Component/s: Cloudera Manager, Security
    • Labels:
      None

      Description

      It appears that although the management agents can communicate using SSL/TLS and certificates, the 'Activity Monitor Web UI' services with titles like 'Firehose_SERVICE_MONITOR' and 'Headlamp Debug Server' (ranging from TCP port 8082-8089) cannot, and are accessible to anonymous users by default.

      The information displayed on these web UIs includes usernames, stack traces, host names and IP addresses, along with JRE version numbers.

      Would it be possible to add in TLS support to protect this data on the wire, and Kerberos HTTP SPNEGO authentication to ensure that only authorised users obtain access to the information?

            People

            • Assignee:
              Unassigned
              Reporter:
              alphaskade Chris Addis
            • Votes:
              0
              Watchers:
              2

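An administrator can confirm the condition described in this ticket on their own hosts with a small audit script. The Python below is an added example, not code from the ticket or from Cloudera; the function names are hypothetical, and it assumes that a SPNEGO-protected endpoint answers an unauthenticated request with HTTP 401 and a `WWW-Authenticate: Negotiate` header.

```python
import http.client
import ssl

# Port range the ticket gives for the monitor debug web UIs.
DEBUG_UI_PORTS = range(8082, 8090)

def classify(uses_tls, status, www_authenticate):
    """Findings for one response, measured against the ticket's two requests."""
    findings = []
    if not uses_tls:
        findings.append("plaintext HTTP, no TLS")
    schemes = {v.split()[0].rstrip(",").lower() for v in www_authenticate if v.strip()}
    if status != 401:
        findings.append(f"no authentication challenge (HTTP {status})")
    elif "negotiate" not in schemes:
        findings.append("401 without a Negotiate (SPNEGO) challenge")
    return findings

def probe(host, port, timeout=3.0):
    """Return (uses_tls, status, WWW-Authenticate values), or None if no HTTP service."""
    # Presence check only: the handshake skips certificate validation on
    # purpose, so a listener with a self-signed certificate still counts as TLS.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    for uses_tls in (True, False):
        conn = (http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
                if uses_tls else http.client.HTTPConnection(host, port, timeout=timeout))
        try:
            conn.request("GET", "/")
            resp = conn.getresponse()
            return uses_tls, resp.status, resp.headers.get_all("WWW-Authenticate") or []
        except (OSError, http.client.HTTPException):
            continue  # TLS attempt failed: retry in plaintext; both failed: None
        finally:
            conn.close()
    return None

def audit(hosts, ports=DEBUG_UI_PORTS):
    """Map 'host:port' to its findings for every endpoint that answered."""
    report = {}
    for host in hosts:
        for port in ports:
            result = probe(host, port)
            if result is not None:
                report[f"{host}:{port}"] = classify(*result)
    return report
```

Call `audit([...])` with the names of your own management hosts; an empty findings list for an endpoint means it answered over TLS and demanded SPNEGO.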