hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-4551) Key Protection : Add ability to read keys and protect keys in JobClient and TTS/NodeManagers
Date Tue, 29 Jan 2013 14:59:13 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-4551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13565423#comment-13565423
] 

Daryn Sharp commented on MAPREDUCE-4551:
----------------------------------------

A few questions:
* Why aren't the credentials used as intended to store each secret individually?  Joining
the keys and values with a comma may be subject to issues if either contains a comma.
* Why is credentials fetching secrets from the system env?


                
> Key Protection :  Add ability to read keys and protect keys  in  JobClient and TTS/NodeManagers
> -----------------------------------------------------------------------------------------------
>
>                 Key: MAPREDUCE-4551
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4551
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: job submission, security
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: MR_4551_1_1.patch, MR_4551_trunk.patch
>
>
> Based on Cluster configuration, NodeManager/TaskTrackers set up Decrypters  to decrypt
the job's secrets.
> Based on Job configuration, JobClient reads secrets from a KeyStore using a Keyprovider
implementation and encrypts them using the cluster's public key.
> The encrypted secrets are stored in Job Credentials.
> The task addresses the following requirements:
> •	Plug in different key store mechanisms.
> •	Retrieve specified keys from a configured keystore as part of job submission
> •	Protect keys during its transport through the cluster.
> •	Make sure that keys are handed over only to the tasks of the correct job.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message