hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13923) Allow changing password on JavaKeyStoreProvider generated keystores
Date Tue, 20 Dec 2016 12:23:58 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15764084#comment-15764084
] 

Larry McCay commented on HADOOP-13923:
--------------------------------------

[~xiaochen] - this is interesting.
I'm not sure that I like adding support for such a limited set of functionality of keytool
though.
I do agree that we don't want to leak provider implementation details through the keyprovider
interface.
At the same time, requiring the user to know what providers can leverage keytool for certain
things but not others feels less than ideal.

I wonder whether we would be better served altogether to consider adding a move method that
would make a complete copy of a key into a another provider where the second JKS provider
will prompt for a new password. This could be added to the KeyShell and be able to be used
across provider types - be they builtin or custom.




> Allow changing password on JavaKeyStoreProvider generated keystores 
> --------------------------------------------------------------------
>
>                 Key: HADOOP-13923
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13923
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13923.01.patch
>
>
> {{JavaKeyStoreProvider}} generates a jceks keystore file for key storage. Although we
have different fall backs in {{ProviderUtils#locatePassword}} to specify the keystore password,
it appears the password itself can never be changed after generation.
> This jira is to make it possible to change the keystore password.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message