[
https://issues.apache.org/jira/browse/HADOOP-13987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15822062#comment-15822062
]
John Zhuge commented on HADOOP-13987:
-------------------------------------
Larry and I are discussing the pros and cons the following approaches to
enhance {{SSLFactory#readSSLConfiguration}}:
1. Read credential provider path. Whenever Credential Provider needs another
property or any other {{Configuration}} change might affect reading SSL
properties, remember to update this code.
2. Still create empty sslConf and add both {{ssl-MODE.xml}} and
{{core-site.xml}} as configuration resource
3. Create sslConf as a clone of {{SSLFactory#conf}} then add {{ssl-MODE.xml}}
as configuration resource
Both 2 and 3 pull in lots of properties not needed for SSL. Any potential
permission issues or name collisions?
> Enhance SSLFactory support for Credential Provider
> --------------------------------------------------
>
> Key: HADOOP-13987
> URL: https://issues.apache.org/jira/browse/HADOOP-13987
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.6.0
> Reporter: John Zhuge
> Assignee: John Zhuge
>
> Testing CredentialProvider with KMS: populated the credentials file, added
> "hadoop.security.credential.provider.path" to core-site.xml, but "hadoop key
> list" failed due to incorrect password. So I added
> "hadoop.security.credential.provider.path" to ssl-client.xml, "hadoop key
> list" worked!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
