Riak CS - admin keys changing

Shaun McVey smcvey at basho.com
Mon Jan 16 04:02:43 EST 2017


Hi Toby,

If you put another user into the config, that's all it takes to make them
the admin user.  There's no special value that's set in the database
itself.  Any user can be an admin user, it doesn't even have to be the
first one created.  It's just whatever user you have set in the config.

Kind Regards,
Shaun

On Mon, Jan 16, 2017 at 1:02 AM, Toby Corkindale <toby at dryft.net> wrote:

> Hi,
> I have a follow-up question around this security aspect.
>
> If the riak-cs.conf and stanchion.conf files are changed so that their
> admin.key and admin.secret match a different user (eg. not that
> first-created admin user) then will that user now have admin-like
> privileges?
>
> Or are the admin-abilities determined by something set in the admin user's
> data in Riak?
>
> Thanks,
> Toby
>
> On Fri, 13 Jan 2017 at 16:38 Toby Corkindale <toby at dryft.net> wrote:
>
>> Thanks, Luke!
>>
>> On Fri, 13 Jan 2017 at 12:10 Luke Bakken <lbakken at basho.com> wrote:
>>
>> Hi Toby,
>>
>> When you create the user, the data is stored in Riak (and is the
>> authoritative location). The values must match in the config files to
>> provide credentials used when connecting to various parts of your CS
>> cluster.
>>
>> --
>> Luke Bakken
>> Engineer
>> lbakken at basho.com
>>
>> On Thu, Jan 12, 2017 at 3:47 PM, Toby Corkindale <toby at dryft.net> wrote:
>> > Hi,
>> > In Riak CS, the admin key and secret is in the config files for both CS
>> and
>> > Stanchion.
>> > Is that the authoritative location for the secrets, or is the
>> > initially-created admin user the source, and those just have to match?
>> >
>> > I tried to figure this out from the source code, but my Erlang really
>> isn't
>> > up to scratch :(
>> >
>> > Toby
>> >
>>
>>
> _______________________________________________
> riak-users mailing list
> riak-users at lists.basho.com
> http://lists.basho.com/mailman/listinfo/riak-users_lists.basho.com
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.basho.com/pipermail/riak-users_lists.basho.com/attachments/20170116/8e88f3f9/attachment-0002.html>


More information about the riak-users mailing list