hadoop-mapreduce-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (MAPREDUCE-4551) Key Protection : Add ability to read keys and protect keys in JobClient and TTS/NodeManagers
Date Tue, 29 Jan 2013 14:59:13 GMT

    [ https://issues.apache.org/jira/browse/MAPREDUCE-4551?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13565423#comment-13565423

Daryn Sharp commented on MAPREDUCE-4551:

A few questions:
* Why aren't the credentials used as intended to store each secret individually?  Joining
the keys and values with a comma may be subject to issues if either contains a comma.
* Why is credentials fetching secrets from the system env?

> Key Protection :  Add ability to read keys and protect keys  in  JobClient and TTS/NodeManagers
> -----------------------------------------------------------------------------------------------
>                 Key: MAPREDUCE-4551
>                 URL: https://issues.apache.org/jira/browse/MAPREDUCE-4551
>             Project: Hadoop Map/Reduce
>          Issue Type: Sub-task
>          Components: job submission, security
>            Reporter: Benoy Antony
>            Assignee: Benoy Antony
>         Attachments: MR_4551_1_1.patch, MR_4551_trunk.patch
> Based on Cluster configuration, NodeManager/TaskTrackers set up Decrypters  to decrypt
the job's secrets.
> Based on Job configuration, JobClient reads secrets from a KeyStore using a Keyprovider
implementation and encrypts them using the cluster's public key.
> The encrypted secrets are stored in Job Credentials.
> The task addresses the following requirements:
> •	Plug in different key store mechanisms.
> •	Retrieve specified keys from a configured keystore as part of job submission
> •	Protect keys during its transport through the cluster.
> •	Make sure that keys are handed over only to the tasks of the correct job.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message