[
https://issues.apache.org/jira/browse/HADOOP-13923?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15768199#comment-15768199
]
Larry McCay commented on HADOOP-13923:
--------------------------------------
I didn't mean that "encouraging" statement to sound like a criticism really and
hope it didn't come across that way.
Yes, it would allow someone that wanted to change the password an external tool
to do so but it may falsely set expectations that you can do things like export
the key, etc.
Adding a way to change the password along with hiding other details - like for
JCEKS the same one is used for the key passphrase as well - is a good addition
to the key provider shell. It may also provide the basis for what is needed for
copy and or move commands. If we end up with production providers that
"needsPassword" then this would be useful there as well.
I have no objections to adding that functionality for providers that
"needsPassword".
Thanks, [~xiaochen]!
> Allow changing password on JavaKeyStoreProvider generated keystores
> --------------------------------------------------------------------
>
> Key: HADOOP-13923
> URL: https://issues.apache.org/jira/browse/HADOOP-13923
> Project: Hadoop Common
> Issue Type: Improvement
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Xiao Chen
> Assignee: Xiao Chen
> Attachments: HADOOP-13923.01.patch
>
>
> {{JavaKeyStoreProvider}} generates a jceks keystore file for key storage.
> Although we have different fall backs in {{ProviderUtils#locatePassword}} to
> specify the keystore password, it appears the password itself can never be
> changed after generation.
> This jira is to make it possible to change the keystore password.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
