[
https://issues.apache.org/jira/browse/HADOOP-15157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Gergo Repas updated HADOOP-15157:
---------------------------------
Attachment: HADOOP-15157.001.patch
Thanks [~lmccay] for the valuable feedback.
1 - thanks for the correction - indeed credential.provider.path should be used.
Actually even patch 000 was relying on credential.provider.path, and was not
working with an URI that's not present in credential.provider.path. I'll edit
the ticket description to reflect that this: the hadoop.zk.auth and
ha.zookeeper.auth properties can be retrieved via the CredentialProviderAPI
that's been configured using the credential.provider.path, fallback is provided
to the clear-text value or @/path/to/file notation.
2 - due to the changes in point 1), this does not need to be addressed anymore
3 - fixed it
4 - I've adjusted the documentation.
> Zookeeper authentication related properties to support CredentialProviders
> --------------------------------------------------------------------------
>
> Key: HADOOP-15157
> URL: https://issues.apache.org/jira/browse/HADOOP-15157
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Reporter: Gergo Repas
> Assignee: Gergo Repas
> Priority: Minor
> Attachments: HADOOP-15157.000.patch, HADOOP-15157.001.patch
>
>
> The hadoop.zk.auth and ha.zookeeper.auth properties currently support either
> a plain-text authentication info (in scheme:value format), or a
> @/path/to/file notation which points to a plain-text file.
> This ticket proposes that the value of these properties can also be
> CredentialProvider URI-s (such as a jceks or localjceks URI). This allows
> users to point to an encrypted store containing the authentication info.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
