hadoop-common-issues mailing list archives

From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10428) JavaKeyStoreProvider should accept keystore password via configuration falling back to ENV VAR
Date Fri, 04 Apr 2014 17:36:20 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960168#comment-13960168 ]

Larry McCay commented on HADOOP-10428:
--------------------------------------

Hi Benoy - #2 is an interesting point. I view the client side password configuration as the
master password for the keystores available to that client. For instance, a particular tenant
perhaps based on role would have access to any number of keystores within the cluster deployment.
Having to provide the password for those keystores is sufficient, in my mind, since the file
permissions on the store itself should additionally protect access to the protected keys. This
is in line with the intent of the environment variable specification of the master password.
In other words, the password is tied to the client rather than individual keystores. The passwords
for individual passwords are more aligned with their file permissions than being based on
their own identities/URIs.

> 	JavaKeyStoreProvider should accept keystore password via configuration falling back to ENV VAR
> -----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10428
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10428
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HADOOP-10428.patch, HADOOP-10428.patch, HADOOP-10428.patch
>
>
> Currently the password for the {{JavaKeyStoreProvider}} must be set in an ENV VAR.
> Allowing the password to be set via configuration enables applications to interactively ask for the password before initializing the {{JavaKeyStoreProvider}}.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
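
The lookup order named in the issue title (configuration first, environment variable as fallback), combined with the file-permission check the comment relies on, as an added Java example that is not code from the HADOOP-10428 patch or from Hadoop. The property name, variable name and class are hypothetical; it assumes a POSIX file system and the JDK's JCEKS keystore type.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermission;
import java.security.KeyStore;
import java.util.*;

public class KeystorePasswordDemo {
    // Hypothetical names, not Hadoop's actual configuration key or variable.
    static final String CONF_KEY = "example.keystore.password";
    static final String ENV_VAR = "EXAMPLE_KEYSTORE_PASSWORD";

    /** Configuration wins; the environment variable is only the fallback. */
    static char[] resolvePassword(Properties conf, Map<String, String> env) {
        String pw = conf.getProperty(CONF_KEY);
        if (pw == null || pw.isEmpty()) pw = env.get(ENV_VAR);
        if (pw == null || pw.isEmpty())
            throw new IllegalStateException("no password in " + CONF_KEY + " or " + ENV_VAR);
        return pw.toCharArray();
    }

    /** One client-wide password covers many stores, so each store file must be owner-only. */
    static void requireOwnerOnly(Path store) throws Exception {
        for (PosixFilePermission p : Files.getPosixFilePermissions(store)) {
            if (p != PosixFilePermission.OWNER_READ && p != PosixFilePermission.OWNER_WRITE)
                throw new SecurityException(store + " is too permissive: " + p);
        }
    }

    static KeyStore open(Path store, char[] password) throws Exception {
        requireOwnerOnly(store);                      // check before touching key material
        KeyStore ks = KeyStore.getInstance("JCEKS");
        try (InputStream in = Files.newInputStream(store)) { ks.load(in, password); }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        // Constructed demo input: an empty store written with a constructed password.
        Path store = Files.createTempFile("demo", ".jceks");
        Files.setPosixFilePermissions(store,
            EnumSet.of(PosixFilePermission.OWNER_READ, PosixFilePermission.OWNER_WRITE));
        Properties conf = new Properties();
        conf.setProperty(CONF_KEY, "constructed-demo-password");
        char[] pw = resolvePassword(conf, System.getenv());
        KeyStore fresh = KeyStore.getInstance("JCEKS");
        fresh.load(null, pw);
        try (OutputStream out = Files.newOutputStream(store)) { fresh.store(out, pw); }
        System.out.println("entries: " + open(store, pw).size());
        Arrays.fill(pw, '\0');                        // do not leave the password in memory
    }
}
```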
