[
https://issues.apache.org/jira/browse/HADOOP-13923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15764084#comment-15764084
]
Larry McCay commented on HADOOP-13923:
--------------------------------------
[~xiaochen] - this is interesting.
I'm not sure that I like adding support for such a limited set of functionality
of keytool though.
I do agree that we don't want to leak provider implementation details through
the keyprovider interface.
At the same time, requiring the user to know what providers can leverage
keytool for certain things but not others feels less than ideal.
I wonder whether we would be better served altogether to consider adding a move
method that would make a complete copy of a key into another provider where
the second JKS provider will prompt for a new password. This could be added to
the KeyShell and be able to be used across provider types - be they builtin or
custom.
> Allow changing password on JavaKeyStoreProvider generated keystores
> --------------------------------------------------------------------
>
> Key: HADOOP-13923
> URL: https://issues.apache.org/jira/browse/HADOOP-13923
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-13923.01.patch
>
>
> {{JavaKeyStoreProvider}} generates a jceks keystore file for key storage.
> Although we have different fallbacks in {{ProviderUtils#locatePassword}} to
> specify the keystore password, it appears the password itself can never be
> changed after generation.
> This jira is to make it possible to change the keystore password.