[
https://issues.apache.org/jira/browse/HADOOP-13987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15823592#comment-15823592
]
John Zhuge commented on HADOOP-13987:
-------------------------------------
To enhance SSLFactory to support central credential provider, here is an idea:
# Create an empty sslConf
# Create an empty Properties {{centralProps}}
# Read SSL properties from the central configuration using {{getPassword}} into
{{centralProps}}
# Add {{centralProps}} as resource to sslConf. Can not just set properties to
sslConf because they will be added to overlay.
# Add {{ssl-MODE.xml}} as resource to sslConf
This approach loads the SSL properties in the following order:
# credential provider specified in {{ssl-MODE.xml}}
# clear text in {{ssl-MODE.xml}}
# credential provider from central configuration
# clear text in central configuration
> Enhance SSLFactory support for Credential Provider
> --------------------------------------------------
>
> Key: HADOOP-13987
> URL: https://issues.apache.org/jira/browse/HADOOP-13987
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.6.0
> Reporter: John Zhuge
> Assignee: John Zhuge
>
> Testing CredentialProvider with KMS: populated the credentials file, added
> "hadoop.security.credential.provider.path" to core-site.xml, but "hadoop key
> list" failed due to incorrect password. So I added
> "hadoop.security.credential.provider.path" to ssl-client.xml, "hadoop key
> list" worked!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
