hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HBASE-11810) Access SSL Passwords through Credential Provider API
Date Thu, 28 Aug 2014 23:25:09 GMT

     [ https://issues.apache.org/jira/browse/HBASE-11810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andrew Purtell updated HBASE-11810:
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 0.98.6
                   2.0.0
                   0.99.0
     Hadoop Flags: Reviewed
           Status: Resolved  (was: Patch Available)

Thanks! I tested the new unit test with 2.6.0-SNAPSHOT. Abbreviated test output:
{noformat}
2014-08-28 16:20:18,374 INFO  [main] hbase.TestHBaseConfiguration$ReflectiveCredentialProviderClient(201):
Credential provider classes have been loaded and initialized successfully through reflection.
2014-08-28 16:20:18,715 WARN  [main] util.NativeCodeLoader(62): Unable to load native-hadoop
library for your platform... using builtin-java classes where applicable
2014-08-28 16:20:19,129 DEBUG [main] hbase.HBaseConfiguration(183): Config option "ssl.keypass.alias"
was found through the Configuration getPassword method.
2014-08-28 16:20:19,138 DEBUG [main] hbase.HBaseConfiguration(183): Config option "ssl.storepass.alias"
was found through the Configuration getPassword method.

Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.347 sec - in org.apache.hadoop.hbase.TestHBaseConfiguration

Results :

Tests run: 2, Failures: 0, Errors: 0, Skipped: 0
{noformat}


> Access SSL Passwords through Credential Provider API
> ----------------------------------------------------
>
>                 Key: HBASE-11810
>                 URL: https://issues.apache.org/jira/browse/HBASE-11810
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.99.0, 2.0.0, 0.98.6
>
>         Attachments: HBASE_11810-2.patch, HBASE_11810.patch
>
>
> HADOOP-10607 introduced the credential provider API for allowing passwords and other
sensitive configuration items to be stored in an external provider.
> RESTServer is accessing passwords stored in clear text in Configuration through the standard
get() method. By using the new Configuration.getPassword method instead, the credential provider
API will be checked first then fall back to clear text - when allowed.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message