[
https://issues.apache.org/jira/browse/HADOOP-17284?focusedWorklogId=490449&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-490449
]
ASF GitHub Bot logged work on HADOOP-17284:
-------------------------------------------
Author: ASF GitHub Bot
Created on: 24/Sep/20 23:00
Start Date: 24/Sep/20 23:00
Worklog Time Spent: 10m
Work Description: xiaoyuyao opened a new pull request #2334:
URL: https://github.com/apache/hadoop/pull/2334
https://issues.apache.org/jira/browse/HADOOP-17284
Adding support for Bouncy Castle FIPS keystore type for Hadoop Credential
Provider.
This is a compatible change that support bcfks and localbcfks similar to
jceks and localjceks. Test has been done manually with FIPS enabled OS/JDK.
`hadoop credential create pass1 -value changeit -provider
localbcfks://file/tmp/test.bcfks
pass1 has been successfully created.
Provider localbcfks://file/tmp/test.bcfks was updated.
hadoop credential list -provider localbcfks://file/tmp/test.bcfks
Listing aliases for CredentialProvider: localbcfks://file/tmp/test.bcfks
pass1
root@xyao-fips-1 jars]# hadoop credential delete pass1 -provider
bcfks://file/tmp/test.bcfks.2
You are about to DELETE the credential pass1 from CredentialProvider
bcfks://file/tmp/test.bcfks.2. Continue? (Y or N) Y
Deleting credential: pass1 from CredentialProvider:
bcfks://file/tmp/test.bcfks.2
Credential pass1 has been successfully deleted.
Provider bcfks://file/tmp/test.bcfks.2 was updated.
[root@xyao-fips-1 jars]# hadoop credential list -provider
bcfks://file/tmp/test.bcfks.2
Listing aliases for CredentialProvider: bcfks://file/tmp/test.bcfks.2`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 490449)
Remaining Estimate: 0h
Time Spent: 10m
> Support BCFKS keystores for Hadoop Credential Provider
> ------------------------------------------------------
>
> Key: HADOOP-17284
> URL: https://issues.apache.org/jira/browse/HADOOP-17284
> Project: Hadoop Common
> Issue Type: Improvement
> Affects Versions: 3.3.0
> Reporter: Xiaoyu Yao
> Assignee: Xiaoyu Yao
> Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Hadoop Credential Provider provides an extensible mechanism to manage
> sensitive tokens like passwords for the cluster. It currently only support
> JCEKS store type from JDK.
> This ticket is opened to add support BCFKS (Bouncy Castle FIPS) key store
> type for some higher security requirement use cases assuming OS/JDK has been
> updated with FIPS security provider for Java Security.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
