hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-11810) Access SSL Passwords through Credential Provider API
Date Thu, 28 Aug 2014 22:13:09 GMT

    [ https://issues.apache.org/jira/browse/HBASE-11810?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14114465#comment-14114465

Andrew Purtell commented on HBASE-11810:

Thanks [~lmccay], let me make a more specific request, hope that's clear: Please add DEBUG
level logging in ReflectiveCredentialProviderClient that indicates the credential provider
was loaded and instantiated successfully, and some logging that indicates the keystore was
successfully consulted. It's a unit test so actually INFO level is fine too, whatever you
prefer. And yes please don't print stack traces, send to them to log4j at WARN or ERROR level.

> Access SSL Passwords through Credential Provider API
> ----------------------------------------------------
>                 Key: HBASE-11810
>                 URL: https://issues.apache.org/jira/browse/HBASE-11810
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>            Reporter: Larry McCay
>         Attachments: HBASE_11810.patch
> HADOOP-10607 introduced the credential provider API for allowing passwords and other
sensitive configuration items to be stored in an external provider.
> RESTServer is accessing passwords stored in clear text in Configuration through the standard
get() method. By using the new Configuration.getPassword method instead, the credential provider
API will be checked first then fall back to clear text - when allowed.

This message was sent by Atlassian JIRA

View raw message