Moon, Vinay, Thank you for your response! Unfortunately password hashing works only in [users] section of shiro.ini file and LDAP credentials are listed in [main] section. I'm happy that you have a ticket about it. Hope it will be fixed soon.
Regards, Polina ________________________________________ From: Vinay Shukla [vinayshu...@gmail.com] Sent: Thursday, 4 August 2016 8:53 AM To: users@zeppelin.apache.org Subject: Re: Securing ldap password in shiro.ini Moon, Polina, Unfortunately the Shiro password hasher won't help. Polina's use case is encrypting password of AD/LDAP that Zeppelin uses to connect to an AD/LDAP. The shiro password hasher encrypts the password that zeppelin stores when AD/LDAP is not used and user accounts are kept in shiro itself. Zeppelin-530 tracks this requirement. thanks, Vinay On Wed, Aug 3, 2016 at 10:14 AM, moon soo Lee <m...@apache.org<mailto:m...@apache.org>> wrote: You can check http://shiro.apache.org/configuration.html#Configuration-EncryptingPasswords http://shiro.apache.org/command-line-hasher.html It looks useful to encrypt user's password. Document says it works for any other type of resources as well. I didn't tried it but hope it works your case, too. Thanks, moon On Mon, Aug 1, 2016 at 10:08 PM Polina Marasanova <polina.marasan...@quantium.com.au<mailto:polina.marasan...@quantium.com.au>> wrote: Hi everyone, I'm using Zeppelin with Active Directory authentication. Our LDAP server requires authentication as well. The problem that in shiro.ini ldap password is still visible and user can browse it via %sh interpreter activeDirectoryRealm.systemUsername = my_login activeDirectoryRealm.systemPassword = secret What would be a good way to secure ldap password? Cheers, Polina Marasanova
