[ https://issues.apache.org/jira/browse/HADOOP-14063?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15973010#comment-15973010 ]
Yan commented on HADOOP-14063: ------------------------------ Breaking *any* existing library behavior is a risky practice, and should have had followed careful migration/compatibility/documentation paths and checks. My point is that any behavioral changes on the keystoreExists(), if deemed to be necessary, should be under a separate jira, not this one which just deals with the traversal of a list of keystore files and should have been addressed using existing or enhanced methods and not through changing existing ones. > Hadoop CredentialProvider fails to load list of keystore files > -------------------------------------------------------------- > > Key: HADOOP-14063 > URL: https://issues.apache.org/jira/browse/HADOOP-14063 > Project: Hadoop Common > Issue Type: Bug > Components: security > Reporter: ramtin > Assignee: ramtin > Attachments: HADOOP-14063-001.patch, HADOOP-14063-002.patch > > > The {{hadoop.security.credential.provider.path}} property can be a list of > keystore files like this: > _jceks://hdfs/file1.jceks,jceks://hdfs/file2.jceks,jceks://hdfs/file3.jceks > ..._ > Each file can have different permissions set to limit the users that have > access to the keys. Some users may not have access to all the keystore files. > Each keystore file in the list should be tried until one is found with the > key needed. > Currently it will throw an exception if one of the keystore files cannot be > loaded instead of continuing to try the next one in the list. -- This message was sent by Atlassian JIRA (v6.3.15#6346) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org