Riak CS - admin keys changing

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Riak CS - admin keys changing

Toby Corkindale-2
Hi,
In Riak CS, the admin key and secret is in the config files for both CS and Stanchion.
Is that the authoritative location for the secrets, or is the initially-created admin user the source, and those just have to match?

I tried to figure this out from the source code, but my Erlang really isn't up to scratch :(

Toby

_______________________________________________
riak-users mailing list
[hidden email]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Riak CS - admin keys changing

Luke Bakken
Hi Toby,

When you create the user, the data is stored in Riak (and is the
authoritative location). The values must match in the config files to
provide credentials used when connecting to various parts of your CS
cluster.

--
Luke Bakken
Engineer
[hidden email]

On Thu, Jan 12, 2017 at 3:47 PM, Toby Corkindale <[hidden email]> wrote:

> Hi,
> In Riak CS, the admin key and secret is in the config files for both CS and
> Stanchion.
> Is that the authoritative location for the secrets, or is the
> initially-created admin user the source, and those just have to match?
>
> I tried to figure this out from the source code, but my Erlang really isn't
> up to scratch :(
>
> Toby
>
> _______________________________________________
> riak-users mailing list
> [hidden email]
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>

_______________________________________________
riak-users mailing list
[hidden email]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Riak CS - admin keys changing

Toby Corkindale-2
Thanks, Luke!

On Fri, 13 Jan 2017 at 12:10 Luke Bakken <[hidden email]> wrote:
Hi Toby,

When you create the user, the data is stored in Riak (and is the
authoritative location). The values must match in the config files to
provide credentials used when connecting to various parts of your CS
cluster.

--
Luke Bakken
Engineer
[hidden email]

On Thu, Jan 12, 2017 at 3:47 PM, Toby Corkindale <[hidden email]> wrote:
> Hi,
> In Riak CS, the admin key and secret is in the config files for both CS and
> Stanchion.
> Is that the authoritative location for the secrets, or is the
> initially-created admin user the source, and those just have to match?
>
> I tried to figure this out from the source code, but my Erlang really isn't
> up to scratch :(
>
> Toby
>

_______________________________________________
riak-users mailing list
[hidden email]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Riak CS - admin keys changing

Toby Corkindale-2
Hi,
I have a follow-up question around this security aspect.

If the riak-cs.conf and stanchion.conf files are changed so that their admin.key and admin.secret match a different user (eg. not that first-created admin user) then will that user now have admin-like privileges?

Or are the admin-abilities determined by something set in the admin user's data in Riak?

Thanks,
Toby

On Fri, 13 Jan 2017 at 16:38 Toby Corkindale <[hidden email]> wrote:
Thanks, Luke!

On Fri, 13 Jan 2017 at 12:10 Luke Bakken <[hidden email]> wrote:
Hi Toby,

When you create the user, the data is stored in Riak (and is the
authoritative location). The values must match in the config files to
provide credentials used when connecting to various parts of your CS
cluster.

--
Luke Bakken
Engineer
[hidden email]

On Thu, Jan 12, 2017 at 3:47 PM, Toby Corkindale <[hidden email]> wrote:
> Hi,
> In Riak CS, the admin key and secret is in the config files for both CS and
> Stanchion.
> Is that the authoritative location for the secrets, or is the
> initially-created admin user the source, and those just have to match?
>
> I tried to figure this out from the source code, but my Erlang really isn't
> up to scratch :(
>
> Toby
>

_______________________________________________
riak-users mailing list
[hidden email]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: Riak CS - admin keys changing

Shaun McVey
Hi Toby,

If you put another user into the config, that's all it takes to make them the admin user.  There's no special value that's set in the database itself.  Any user can be an admin user, it doesn't even have to be the first one created.  It's just whatever user you have set in the config.

Kind Regards,
Shaun

On Mon, Jan 16, 2017 at 1:02 AM, Toby Corkindale <[hidden email]> wrote:
Hi,
I have a follow-up question around this security aspect.

If the riak-cs.conf and stanchion.conf files are changed so that their admin.key and admin.secret match a different user (eg. not that first-created admin user) then will that user now have admin-like privileges?

Or are the admin-abilities determined by something set in the admin user's data in Riak?

Thanks,
Toby

On Fri, 13 Jan 2017 at 16:38 Toby Corkindale <[hidden email]> wrote:
Thanks, Luke!

On Fri, 13 Jan 2017 at 12:10 Luke Bakken <[hidden email]> wrote:
Hi Toby,

When you create the user, the data is stored in Riak (and is the
authoritative location). The values must match in the config files to
provide credentials used when connecting to various parts of your CS
cluster.

--
Luke Bakken
Engineer
[hidden email]

On Thu, Jan 12, 2017 at 3:47 PM, Toby Corkindale <[hidden email]> wrote:
> Hi,
> In Riak CS, the admin key and secret is in the config files for both CS and
> Stanchion.
> Is that the authoritative location for the secrets, or is the
> initially-created admin user the source, and those just have to match?
>
> I tried to figure this out from the source code, but my Erlang really isn't
> up to scratch :(
>
> Toby
>

_______________________________________________
riak-users mailing list
[hidden email]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com



_______________________________________________
riak-users mailing list
[hidden email]
http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
Loading...