hadoop-common-issues mailing list archives

From "Larry McCay (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HADOOP-15855) Review hadoop credential doc, including object store details
Date Mon, 15 Oct 2018 23:49:00 GMT

    [ https://issues.apache.org/jira/browse/HADOOP-15855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16650972#comment-16650972 ]

Larry McCay commented on HADOOP-15855:


+To wrap a filesystem URIs with a `jceks` URI follow the following steps: + +1. Take a filesystem
URI such as `hdfs://namenode:9001/users/alice/secrets.jceks` +1. Place `jceks://` in front
of the URL: `jceks://hdfs://namenode:9001/users/alice/secrets.jceks` +1. Replace the second
`://` string with an `@` symbol: `jceks://hdfs@namenode:9001/users/alice/secrets.jceks` +
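
Review bot: the three steps only show a filesystem URI that has an authority (`namenode:9001` in the example); for a URI with an empty authority, step 3 as written leaves nothing between the `@` and the path, so the doc should state the expected wrapped form for that case. Step 2 also says "in front of the URL" where the intro and step 1 say "URI"; use "URI" throughout, and shorten "follow the following steps" to "follow these steps".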


s/a filesystem URIs/filesystem URIs/


It is also limited to PKI keypairs.


The above needs to be reverified with modern JDK versions of keytool.


Editors will not review the secrets stored within the keystore, nor will `cat`, `more` or
any other standard tools. This is why the keystore providers are better than "side file" storage
of credentials.


s/will not review/will not reveal/

Otherwise, looks good to me!


> Review hadoop credential doc, including object store details
> ------------------------------------------------------------
>                 Key: HADOOP-15855
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15855
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: documentation, security
>    Affects Versions: 3.2.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>         Attachments: HADOOP-15855-001.patch
> I've got some changes to make to the hadoop credentials API doc; some minor editing and
> examples of credential paths in object stores with some extra details (i.e. how you can't refer
> to a store from the same store URI)
> these examples need to come with unit tests to verify that the examples are correct,
