[ 
https://issues.apache.org/jira/browse/HADOOP-13317?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15515123#comment-15515123
 ] 

Suraj Acharya edited comment on HADOOP-13317 at 9/23/16 2:15 AM:
-----------------------------------------------------------------

* The KMS does not support any other cipher other than AES/CTR in the current 
implementation. One can change the cipher in core-site.xml but that will throw 
an error since AES/CTR has been hardcoded. 
* I havent put some information in the logs because of either sensitive matter 
or access control. Putting material of a key is an information leak. Also, it 
is an information leak to print out the metadata and other information while 
being returned. I have logged mostly the incoming request information and the 
reason is the same.
* Also, I didnt wish to put information where ACLs protect transaction.
* I now get what you are saying about the exceptions. I think we should make 
that as a separate effort for the KMS. The reason being we will need to know 
the exceptions we wish to handle.


was (Author: sacharya):
* The KMS does not support any other cipher other than AES/CTR in the current 
implementation. One can change the cipher in core-site.xml but that will throw 
an error since AES/CTR has been hardcoded. 
* I havent put some information in the logs because of either sensitive matter 
or access control. Putting material of a key is an information leak. Also, it 
is an information leak to print out the metadata and other information while 
being returned. I have logged mostly the incoming request information and the 
reason is the same.
* Also, I didnt wish to put information where ACLs protect transaction.
* I know get what you are saying about the exceptions. I think we should make 
that as a separate effort for the KMS. The reason being we will need to know 
the exceptions we wish to handle.

> Add logs to KMS servier-side to improve supportability
> ------------------------------------------------------
>
>                 Key: HADOOP-13317
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13317
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: kms
>            Reporter: Xiao Chen
>            Assignee: Suraj Acharya
>            Priority: Minor
>              Labels: supportability
>         Attachments: HADOOP-13317-1.patch, HADOOP-13317-2.patch, 
> HADOOP-13317-3.patch, HADOOP-13317.patch
>
>
> [KMS.java|https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-kms/src/main/java/org/apache/hadoop/crypto/key/kms/server/KMS.java]
>  is the main class that serves KMS http requests. There're currently no logs 
> at all, making trouble shooting difficult.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org

Reply via email to