[ https://issues.apache.org/jira/browse/HADOOP-13441?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15414662#comment-15414662 ]
Yuanbo Liu commented on HADOOP-13441: ------------------------------------- {quote} This is good. Can you also add that "keystore password in `hadoop.security.group.mapping.ldap.ssl.keystore.password`" is highly discouraged...... {quote} This description overlaps the approach description in GroupsMapping.md. So I just add a new short line to address it. {quote} The second approach aka using `hadoop.security.group.mapping.ldap.ssl.keystore.password` is highly discouraged because it exposes the password in the configuration file. {quote} Others look good to me, upload v4 patch. [~jojochuang] Thanks a lot for your time! > Document LdapGroupsMapping keystore password properties > ------------------------------------------------------- > > Key: HADOOP-13441 > URL: https://issues.apache.org/jira/browse/HADOOP-13441 > Project: Hadoop Common > Issue Type: Bug > Components: security > Affects Versions: 2.6.0 > Reporter: Wei-Chiu Chuang > Assignee: Yuanbo Liu > Priority: Minor > Labels: documentation > Attachments: HADOOP-13441.001.patch, HADOOP-13441.002.patch, > HADOOP-13441.003.patch > > > A few properties are not documented. > {{hadoop.security.group.mapping.ldap.ssl.keystore.password}} > This property is used as an alias to get password from credential providers, > or, fall back to using the value as password in clear text. There is also a > caveat that credential providers can not be a HDFS-based file system, as > mentioned in HADOOP-11934, to prevent cyclic dependency issue. > This should be documented in core-default.xml and GroupsMapping.md > {{hadoop.security.credential.clear-text-fallback}} > This property controls whether or not to fall back to storing credential > password as cleartext. > This should be documented in core-default.xml. > {{hadoop.security.credential.provider.path}} > This is mentioned in _CredentialProvider API Guide_, but not in > core-default.xml > The "Supported Features" in _CredentialProvider API Guide_ should link back > to GroupsMapping.md#LDAP Groups Mapping > {{hadoop.security.credstore.java-keystore-provider.password-file}} > This is the password file to protect credential files. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org