[
https://issues.apache.org/jira/browse/HADOOP-11031?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15151360#comment-15151360
]
Larry McCay commented on HADOOP-11031:
--------------------------------------
bq. 3. Where the Configuration#getPassword method is mentioned, we can make it
a hyperlink to the JavaDocs.

Will do.

bq. 4. The document mentions that it will cover "how to create custom
providers" and "an example of its use will be included", but I didn't find
that. I assume it just wasn't done yet, so please consider adding it in the
next patch revision. I also think it's acceptable to drop the mention of it and
defer that kind of deep customization to a later patch. I think the initial
goal here was to make basic usage easier to understand.

The patch should have changed that to "This document aims to describe the
design of the CredentialProvider API, the out of the box implementations, where
they are used and how to adopt their use." Maybe you are seeing this somewhere
else that I missed?

bq. 6. I think we should discuss how to control the keystore password for the
jceks provider (HADOOP_CREDSTORE_PASSWORD environment variable or
hadoop.security.credstore.java-keystore-provider.password-file configuration
property if not in environment).

I didn't initially see the
hadoop.security.credstore.java-keystore-provider.password-file support in there
and thought maybe that was just in the key provider API. Now, I see it is in the
abstract base class. I can cover those as well. The environment variable
approach isn't very useful since it can't be set into the environment easily
without it being visible in a script or possible to be available from MR jobs,
etc. I'm also not sure of the benefit of the
hadoop.security.credstore.java-keystore-provider.password-file. Protecting the
password to the keystore in a file that is protected with file permissions is
really no different than the keystore itself being protected with file
permissions.

> Design Document for Credential Provider API
> -------------------------------------------
>
> Key: HADOOP-11031
> URL: https://issues.apache.org/jira/browse/HADOOP-11031
> Project: Hadoop Common
> Issue Type: Bug
> Components: site
> Reporter: Larry McCay
> Assignee: Larry McCay
> Attachments: CredentialProviderAPI.md, HADOOP-11031-001.patch,
> HADOOP-11031-002.patch
>
>
> Provide detailed overview of the design, intent and use of the credential
> management API.