[ https://issues.apache.org/jira/browse/HADOOP-15157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16311646#comment-16311646 ]

Larry McCay commented on HADOOP-15157:
--------------------------------------

Hi [~grepas] - this is a good idea.
Couple comments/questions:

1. The general implementation pattern doesn't have the URIs set as the param 
value as far as I know - I would have expected to either use the same 
credential.provider.path property to have a credential store for zkAuth or to 
have a separate property for zkAuth credential providers path and no value set 
for the property itself. The latter is usually only needed when the global path 
would be inappropriate for the usage at hand. Having to set the URI at the 
individual property level could lead to a proliferation of credential stores 
and/or difficulty in keeping redundant URIs in sync across multiple properties.
2. I am missing where you are setting the value as the credential.provider.path 
in conf so that conf.getPassword will find it (maybe it is there and I am just 
not seeing it)
3. It appears that ZKUtil.BadAuthFormatException is also thrown from 
getZKAuthInfos but is missing from javadoc (was previously as well)
4. credential provider docs would also need to be updated to reflect this new 
usage - see 
http://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html


> Zookeeper authentication related properties to support CredentialProviders
> --------------------------------------------------------------------------
>
>                 Key: HADOOP-15157
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15157
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>            Reporter: Gergo Repas
>            Assignee: Gergo Repas
>            Priority: Minor
>         Attachments: HADOOP-15157.000.patch
>
>
> The hadoop.zk.auth and ha.zookeeper.auth properties currently support either 
> a plain-text authentication info (in scheme:value format), or a 
> @/path/to/file notation which points to a plain-text file.
> This ticket proposes that the value of these properties can also be 
> CredentialProvider URI-s (such as a jceks or localjceks URI). This allows 
> users to point to an encrypted store containing the authentication info.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
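
The pattern raised in points 1 and 2 of the comment, as an added example (not code from HADOOP-15157.000.patch or from the Hadoop project): one global credential provider path is set, hadoop.zk.auth itself carries no value, and conf.getPassword resolves it by alias. It assumes hadoop-common on the classpath and a Unix-style temp directory; the keystore location and the credential are constructed sample values.

```java
import java.io.File;
import java.util.List;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.security.alias.CredentialProvider;
import org.apache.hadoop.security.alias.CredentialProviderFactory;
import org.apache.hadoop.util.ZKUtil;

public class ZkAuthFromCredentialStore {
  // Property name from the issue; getPassword uses it as the alias in the store.
  static final String ZK_AUTH_KEY = "hadoop.zk.auth";

  public static void main(String[] args) throws Exception {
    // Constructed keystore location (assumption: absolute Unix-style path).
    File store = new File(System.getProperty("java.io.tmpdir"), "zk-auth-example.jceks");
    store.delete();

    Configuration conf = new Configuration(false);
    // One global provider path; no URI is repeated on individual properties.
    conf.set(CredentialProviderFactory.CREDENTIAL_PROVIDER_PATH,
        "localjceks://file" + store.getAbsolutePath());

    // Provision the secret once. The value is a constructed sample in the
    // scheme:value format the issue describes.
    CredentialProvider provider = CredentialProviderFactory.getProviders(conf).get(0);
    provider.createCredentialEntry(ZK_AUTH_KEY,
        "digest:exampleuser:examplepass".toCharArray());
    provider.flush();

    // getPassword consults the providers on the path first and only then
    // falls back to a clear-text value of the property in the configuration.
    char[] secret = conf.getPassword(ZK_AUTH_KEY);
    if (secret == null) {
      throw new IllegalStateException(ZK_AUTH_KEY + " not found in any provider or in conf");
    }

    // parseAuth throws ZKUtil.BadAuthFormatException on a malformed value.
    List<ZKUtil.ZKAuthInfo> auths = ZKUtil.parseAuth(new String(secret));
    for (ZKUtil.ZKAuthInfo auth : auths) {
      // Print the scheme only; never log the auth bytes themselves.
      System.out.println("scheme=" + auth.getScheme()
          + " authBytes=" + auth.getAuth().length);
    }
  }
}
```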
