hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Zhuge (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HADOOP-13987) Enhance SSLFactory support for Credential Provider
Date Fri, 13 Jan 2017 18:28:26 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-13987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15822062#comment-15822062
] 

John Zhuge edited comment on HADOOP-13987 at 1/13/17 6:27 PM:
--------------------------------------------------------------

Larry and I are discussing the pros and cons the following approaches to enhance {{SSLFactory#readSSLConfiguration}}:
* Read credential provider path. Whenever Credential Provider needs another property or any
other {{Configuration}} change might affect reading SSL properties, remember to update this
code.
* Create empty sslConf and add both {{ssl-MODE.xml}} and {{core-site.xml}} as configuration
resource
* Create sslConf as a clone of {{SSLFactory#conf}} then add {{ssl-MODE.xml}} as configuration
resource

Both 2 and 3 pull in lots of properties not needed for SSL. Any potential permission issues
or name collisions?


was (Author: jzhuge):
Larry and I are discussing the pros and cons the following approaches to enhance {{SSLFactory#readSSLConfiguration}}:
1. Read credential provider path. Whenever Credential Provider needs another property or any
other {{Configuration}} change might affect reading SSL properties, remember to update this
code.
2. Still create empty sslConf and add both {{ssl-MODE.xml}} and {{core-site.xml}} as configuration
resource
3. Create sslConf as a clone of {{SSLFactory#conf}} then add {{ssl-MODE.xml}} as configuration
resource

Both 2 and 3 pull in lots of properties not needed for SSL. Any potential permission issues
or name collisions?

> Enhance SSLFactory support for Credential Provider
> --------------------------------------------------
>
>                 Key: HADOOP-13987
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13987
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 2.6.0
>            Reporter: John Zhuge
>            Assignee: John Zhuge
>
> Testing CredentialProvider with KMS: populated the credentials file, added 
> "hadoop.security.credential.provider.path" to core-site.xml, but "hadoop key list" failed
due to incorrect password. So I added "hadoop.security.credential.provider.path" to ssl-client.xml,
"hadoop key list" worked! 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-issues-help@hadoop.apache.org


Mime
View raw message