hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13923) Allow changing password on JavaKeyStoreProvider generated keystores
Date Tue, 20 Dec 2016 12:23:58 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15764084#comment-15764084

Larry McCay commented on HADOOP-13923:

[~xiaochen] - this is interesting.
I'm not sure that I like adding support for such a limited set of functionality of keytool
I do agree that we don't want to leak provider implementation details through the keyprovider
At the same time, requiring the user to know what providers can leverage keytool for certain
things but not others feels less than ideal.

I wonder whether we would be better served altogether to consider adding a move method that
would make a complete copy of a key into a another provider where the second JKS provider
will prompt for a new password. This could be added to the KeyShell and be able to be used
across provider types - be they builtin or custom.

> Allow changing password on JavaKeyStoreProvider generated keystores 
> --------------------------------------------------------------------
>                 Key: HADOOP-13923
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13923
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13923.01.patch
> {{JavaKeyStoreProvider}} generates a jceks keystore file for key storage. Although we
have different fall backs in {{ProviderUtils#locatePassword}} to specify the keystore password,
it appears the password itself can never be changed after generation.
> This jira is to make it possible to change the keystore password.

This message was sent by Atlassian JIRA

To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org

View raw message