[jira] [Updated] (HBASE-11810) Access SSL Passwords through Credential Provider API

Thu, 28 Aug 2014 16:25:26 -0700 

     [ 
https://issues.apache.org/jira/browse/HBASE-11810?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrew Purtell updated HBASE-11810:
-----------------------------------

       Resolution: Fixed
    Fix Version/s: 0.98.6
                   2.0.0
                   0.99.0
     Hadoop Flags: Reviewed
           Status: Resolved  (was: Patch Available)

Thanks! I tested the new unit test with 2.6.0-SNAPSHOT. Abbreviated test output:
{noformat}
2014-08-28 16:20:18,374 INFO  [main] 
hbase.TestHBaseConfiguration$ReflectiveCredentialProviderClient(201): 
Credential provider classes have been loaded and initialized successfully 
through reflection.
2014-08-28 16:20:18,715 WARN  [main] util.NativeCodeLoader(62): Unable to load 
native-hadoop library for your platform... using builtin-java classes where 
applicable
2014-08-28 16:20:19,129 DEBUG [main] hbase.HBaseConfiguration(183): Config 
option "ssl.keypass.alias" was found through the Configuration getPassword 
method.
2014-08-28 16:20:19,138 DEBUG [main] hbase.HBaseConfiguration(183): Config 
option "ssl.storepass.alias" was found through the Configuration getPassword 
method.

Tests run: 2, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 1.347 sec - in 
org.apache.hadoop.hbase.TestHBaseConfiguration

Results :

Tests run: 2, Failures: 0, Errors: 0, Skipped: 0
{noformat}


> Access SSL Passwords through Credential Provider API
> ----------------------------------------------------
>
>                 Key: HBASE-11810
>                 URL: https://issues.apache.org/jira/browse/HBASE-11810
>             Project: HBase
>          Issue Type: Improvement
>          Components: security
>            Reporter: Larry McCay
>            Assignee: Larry McCay
>             Fix For: 0.99.0, 2.0.0, 0.98.6
>
>         Attachments: HBASE_11810-2.patch, HBASE_11810.patch
>
>
> HADOOP-10607 introduced the credential provider API for allowing passwords 
> and other sensitive configuration items to be stored in an external provider.
> RESTServer is accessing passwords stored in clear text in Configuration 
> through the standard get() method. By using the new Configuration.getPassword 
> method instead, the credential provider API will be checked first then fall 
> back to clear text - when allowed.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Reply via email to