hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Wang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-10607) Create an API to Separate Credentials/Password Storage from Applications
Date Thu, 17 Jul 2014 18:19:07 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14065278#comment-14065278

Andrew Wang commented on HADOOP-10607:

Hey guys, few q's and comments:

* Why was this merged to branch-2? AFAIK this isn't being used by any Hadoop components yet,
so it doesn't belong in a release branch. I'd like to revert it out of branch-2 until there
is such a consumer.
* CredentialShell is using the double dash style for flags. I'm going to broaden the scope
of HADOOP-10793 to fix this for both KeyShell and CredentialShell.
* Larry, I think your IDE is auto-wrapping with tabs. I think this is default behavior with
Eclipse. Another thing you can do is configure `git diff` to highlight whitespace errors like
these for the future. Maybe we can fix some of these tabs in HADOOP-10793 too, or in a new
JIRA. Normally I'm against whitespace only changes, but this is mostly new code so there's
little chance of conflicts.

> Create an API to Separate Credentials/Password Storage from Applications
> ------------------------------------------------------------------------
>                 Key: HADOOP-10607
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10607
>             Project: Hadoop Common
>          Issue Type: New Feature
>          Components: security
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 3.0.0, 2.6.0
>         Attachments: 10607-10.patch, 10607-11.patch, 10607-12.patch, 10607-2.patch, 10607-3.patch,
10607-4.patch, 10607-5.patch, 10607-6.patch, 10607-7.patch, 10607-8.patch, 10607-9.patch,
10607-branch-2.patch, 10607.patch
> As with the filesystem API, we need to provide a generic mechanism to support multiple
credential storage mechanisms that are potentially from third parties. 
> We need the ability to eliminate the storage of passwords and secrets in clear text within
configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of CredentialProviders.
The implementation will look for implementations using the ServiceLoader interface and thus
support third party libraries.
> Two providers will be included in this patch. One using the credentials cache in MapReduce
jobs and the other using Java KeyStores from either HDFS or local file system. 
> A CredShell CLI will also be included in this patch which provides the ability to manage
the credentials within the stores.

This message was sent by Atlassian JIRA

View raw message