ambari icon indicating copy to clipboard operation
ambari copied to clipboard
verified publisher icon apache

AMBARI-26061 : Add password validation criteria for ambari local users

Open himanshumaurya09876 opened this issue 1 year ago • 2 comments

What changes were proposed in this pull request?

Add password validation criteria for ambari local users

  1. Password should not contain the user name
  2. Password should not be same as previous n passwords

How was this patch tested?

  1. Installed Ambari
  2. Validated the password updation for admin user (covered both the password with the username and password matching previous passwords)
  3. Created another local user and similarly validated for that user
  4. Added the UTs also

Please review Ambari Contributing Guide before opening a pull request.

himanshumaurya09876 avatar Mar 21 '24 06:03 himanshumaurya09876

@himanshumaurya09876 I don't quite understand this PR. Could you please explain the use case for this feature? It would be great if you could provide some screenshots or similar.

JiaLiangC avatar Apr 27 '24 02:04 JiaLiangC

Hi @JiaLiangC This will add password validation criteria for ambari local users

  1. Password should not contain the user name
  2. Password should not be same as previous n passwords

If we will use password containing username or password matching previous n passwords (where n is configured in ambari.properties file using security.password.policy.history.count property) then ambari will not allow, like shown in below screenshots Screenshot 2024-05-02 at 1 24 28 PM Screenshot 2024-05-02 at 1 24 47 PM Screenshot 2024-05-02 at 1 25 10 PM Screenshot 2024-05-02 at 1 25 30 PM Screenshot 2024-05-02 at 1 25 45 PM

himanshumaurya09876 avatar May 02 '24 08:05 himanshumaurya09876

Hi @brahmareddybattula @arshadmohammad @vishalsuvagia @JiaLiangC @virajjasani Kindly review and merger this PR Thank you

himanshumaurya09876 avatar Jun 10 '24 06:06 himanshumaurya09876

Hi @brahmareddybattula @arshadmohammad @vishalsuvagia @JiaLiangC Kindly review and merger this PR Thank you

Sorry for later reply, i will test this feature as soon as possible

JiaLiangC avatar Jun 13 '24 02:06 JiaLiangC

Hi @brahmareddybattula @arshadmohammad @vishalsuvagia @JiaLiangC Kindly review and merger this PR Thank you

Sorry for later reply, i will test this feature as soon as possible

Thank you @JiaLiangC

himanshumaurya09876 avatar Jun 13 '24 11:06 himanshumaurya09876

LGTM +1 @virajjasani any more review from your side?

JiaLiangC avatar Jun 17 '24 01:06 JiaLiangC

Hi @brahmareddybattula @arshadmohammad @vishalsuvagia @JiaLiangC @virajjasani Kindly review and merger this PR Thank you

himanshumaurya09876 avatar Jun 18 '24 16:06 himanshumaurya09876

@himanshumaurya09876 Sorry, I don't have the permission to merge the code. We'll have to wait for another community member with the necessary permissions to do the merge.

JiaLiangC avatar Jun 19 '24 00:06 JiaLiangC

Let me get to it in a couple of days, unless anyone else can merge in the meantime? @arshadmohammad @JiaLiangC

virajjasani avatar Jun 19 '24 06:06 virajjasani

Let me get to it in a couple of days, unless anyone else can merge in the meantime? @arshadmohammad @JiaLiangC

Hi @virajjasani Can we kindly merge this pr?

himanshumaurya09876 avatar Jun 26 '24 08:06 himanshumaurya09876