Loading...
Loading...
Note: This does not apply to the admin user which is covered in articles Isilon: How to move the admin home directory and in DSA-2020-093: Dell Isilon OneFS and Dell PowerScale OneFS Security Update for NFS Configuration Vulnerabilities HDFS is enabled with /ifs as the HDFS root path, and simple authentication configured health check failures are seen for the user's home directories. [{'category': 'HEALTHCHECK', 'check_failed': 'admin_homedir_shared', 'reason': "failed on cluster due to ['The home directory of at least one user with either the ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE privilege is accessible via one or more shares configured with weak forms of user authentication. This may result in unauthorized users gaining node level access. It is strongly recommended to enable Kerberos-based authentication on the following shares. If that is not possible, alter the path of the share root or the location of the home directory to make them disjoint.', 'Home /ifs/home/DIRECTORY/USERNAME is insecurely shared by HDFS root directory for the System access zone.'
The criteria used by the admin_homedir_shared health check are as follows: Check if HDFS is enabled. Check if /ifs is configured as the HDFS root path. Check if simple authentication is used. Check if there are users with admin privileges such as ISI_PRIV_LOGIN_SSH or ISI_PRIV_LOGIN_CONSOLE . Check if that user has the home directory configuration of /ifs/home/NETBIOSNAME/USERNAME . This can be seen in isi auth users view <flagged user>. When all the above is met, the health check alerts that the user's home directory is configured with have weak authentication.
One of the following is recommended to address the health check alerts: If HDFS is no longer required, then the service can be disabled. If HDFS is required, then it is recommended to use Kerberos authentication.
Click on a version to see all relevant bugs
Dell Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.