hadoop-common-issues mailing list archives

From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15855) Review hadoop credential doc, including object store details
Date Mon, 15 Oct 2018 23:49:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16650972#comment-16650972 ]

Larry McCay commented on HADOOP-15855:
--------------------------------------

{code}

+To wrap a filesystem URIs with a `jceks` URI follow the following steps: + +1. Take a filesystem
URI such as `hdfs://namenode:9001/users/alice/secrets.jceks` +1. Place `jceks://` in front
of the URL: `jceks://hdfs://namenode:9001/users/alice/secrets.jceks` +1. Replace the second
`://` string with an `@` symbol: `jceks://hdfs@namenode:9001/users/alice/secrets.jceks` +

{code}
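
Review bot: the numbered steps switch terms for the same thing: step 1 says "Take a filesystem URI" while step 2 says "in front of the URL". Use "URI" throughout so readers do not wonder whether two different values are meant. The lead-in "follow the following steps" also repeats itself; "use the following steps" would read better.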

s/a filesystem URIs/filesystem URIs/

{code}

It is also limited to PKI keypairs.

{code}

The above needs to be reverified with modern JDK versions of keytool.

{code}

Editors will not review the secrets stored within the keystore, nor will `cat`, `more` or
any other standard tools. This is why the keystore providers are better than "side file" storage
of credentials.

{code}

s/will not review/will not reveal/

Otherwise, looks good to me!

 

> Review hadoop credential doc, including object store details
> ------------------------------------------------------------
>
>                 Key: HADOOP-15855
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15855
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: documentation, security
>    Affects Versions: 3.2.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>         Attachments: HADOOP-15855-001.patch
>
>
> I've got some changes to make to the hadoop credentials API doc; some minor editing and examples of credential paths in object stores with some extra details (i.e. how you can't refer to a store from the same store URI)
> these examples need to come with unit tests to verify that the examples are correct, obviously



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
