[
https://issues.apache.org/jira/browse/HADOOP-11300?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14212524#comment-14212524
]
Aaron T. Myers commented on HADOOP-11300:
-----------------------------------------
This approach seems reasonable to me, and the latest patch looks pretty good to
me as well. Arun, can you comment on what you testing you've done of this patch?
[~aw] - does this approach seem like it'll be sufficient to you?
> KMS startup scripts must not display the keystore / truststore passwords
> ------------------------------------------------------------------------
>
> Key: HADOOP-11300
> URL: https://issues.apache.org/jira/browse/HADOOP-11300
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Affects Versions: 2.6.0
> Reporter: Arun Suresh
> Assignee: Arun Suresh
> Attachments: HADOOP-11300.1.patch, HADOOP-11300.2.patch
>
>
> Sample output of the KMS startup scripts :
> {noformat}
> Setting KMS_HOME: /usr/lib/hadoop-kms
> Using KMS_CONFIG: /var/run/kms-config/
> Using KMS_LOG: /var/log/kms-log
> Using KMS_TEMP: /var/run/kms-tmp/
> Using KMS_HTTP_PORT: 16000
> Using KMS_ADMIN_PORT: 16001
> Using KMS_MAX_THREADS: 250
> Using KMS_SSL_KEYSTORE_FILE: /etc/conf/kms-keystore.jks
> Using KMS_SSL_KEYSTORE_PASS: keystorepass
> Using CATALINA_BASE: /var/lib/kms/tomcat-deployment
> Using KMS_CATALINA_HOME: /usr/lib/hadoop-kms/lib/bigtop-tomcat
> Setting CATALINA_OUT: /var/log/kms-log/kms-catalina.out
> Setting CATALINA_PID: /tmp/kms.pid
> Using CATALINA_OPTS: .....
> -Djavax.net.ssl.trustStorePassword=truststorepass ....
> Adding to CATALINA_OPTS: -Dkms.home.dir=...... -Dkms.ssl.keystore.pass=
> keystorepass ....
> {noformat}
> The keystore password and truststore password are in clear text.. which
> should be masked
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
