Community Articles

Find and share helpful community-sourced technical articles.
Labels (1)
avatar

Currently ranger does not support defining password of default admin users(rangerusersync and rangertagsync) during installation. This is a security concern if you miss to update the password post installation as default password for these users is same as username, thereby compromising admin access to ranger. There is plan to address this in future HDP release by allowing to define the passwords for admin users during installation, however for the time being below workaround can be used to enforce password policy. Once ranger installation is successful one can use below rest api get and put command to change the password of any user. This is helpful in case of automated cluster installation using ambari blueprint. To change the password of the user first get the user details using below call:

curl -s -u admin:admin -H "Accept: application/json" -H "Content-Type: application/json" -X GET http://h2.openstacklocal:6080/service/xusers/users/2 

You will get something like this.

{"id":2,"createDate":"2017-05-24T17:36:49Z","updateDate":"2017-05-25T08:09:25Z","owner":"Admin","updatedBy":"Admin","name":"rangerusersync","firstName":"rangerusersync","lastName":"","password":"*******","description":"rangerusersync","groupIdList":[],"groupNameList":[],"status":1,"isVisible":1,"userSource":0,"userRoleList":["ROLE_SYS_ADMIN"]}

Now send the PUT request with the above information after setting required password as give below:

curl -iv -u admin:admin -X PUT -H "Accept: application/json" -H "Content-Type: application/json" http://h2.openstacklocal:6080/service/xusers/secure/users/2 -d  '{"id":2,"createDate":"2017-05-24T17:36:49Z","updateDate":"2017-05-25T08:09:25Z","owner":"Admin","updatedBy":"Admin","name":"rangerusersync","firstName":"rangerusersync","lastName":"","password":"Password@123","description":"rangerusersync","groupIdList":[],"groupNameList":[],"status":1,"isVisible":1,"userSource":0,"userRoleList":["ROLE_SYS_ADMIN"]}'

PS : To change password of keyadmin user, use keyadmin credentials in REST api call. Thanks @Ronak bansal for testing this.

2,019 Views