hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-13923) Allow changing password on JavaKeyStoreProvider generated keystores
Date Wed, 21 Dec 2016 21:23:58 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15768199#comment-15768199
] 

Larry McCay commented on HADOOP-13923:
--------------------------------------

I didn't mean that "encouraging" statement to sound like a criticism really and hope it didn't
come across that way.
Yes, it would allow someone that wanted to change the password an external tool to do so but
it may falsely set expectations that you can do things like export the key, etc.

Adding a way to change the password along with hiding other details - like for JCEKS the same
one is used for the key passphrase as well - is a good addition to the key provider shell.
It may also provide the basis for what is needed for copy and or move commands. If we end
up with production providers that "needsPassword" then this would be useful there as well.

I have no objections to adding that functionality for providers that "needsPassword".
Thanks, [~xiaochen]!

> Allow changing password on JavaKeyStoreProvider generated keystores 
> --------------------------------------------------------------------
>
>                 Key: HADOOP-13923
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13923
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>    Affects Versions: 2.6.0
>            Reporter: Xiao Chen
>            Assignee: Xiao Chen
>         Attachments: HADOOP-13923.01.patch
>
>
> {{JavaKeyStoreProvider}} generates a jceks keystore file for key storage. Although we
have different fall backs in {{ProviderUtils#locatePassword}} to specify the keystore password,
it appears the password itself can never be changed after generation.
> This jira is to make it possible to change the keystore password.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message