Joe McDonnell has posted comments on this change. ( http://gerrit.cloudera.org:8080/10418 )
Change subject: IMPALA-7035: Configure jceks.key.serialFilter for KMS. ...................................................................... Patch Set 1: (1 comment) http://gerrit.cloudera.org:8080/#/c/10418/1/testdata/cluster/node_templates/cdh6/etc/init.d/kms File testdata/cluster/node_templates/cdh6/etc/init.d/kms: http://gerrit.cloudera.org:8080/#/c/10418/1/testdata/cluster/node_templates/cdh6/etc/init.d/kms@32 PS1, Line 32: -Djceks.key.serialFilter=org.apache.hadoop.crypto.key.JavaKeyStoreProvider*" I assume older JVMs ignore this? Also, the description for the default jceks.key.serialFilter is: """ The default pattern allows java.lang.Enum, java.security.KeyRep, java.security.KeyRep$Type, and javax.crypto.spec.SecretKeySpec but rejects all the others. """ Do we need any of these others? >From here: http://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html -- To view, visit http://gerrit.cloudera.org:8080/10418 To unsubscribe, visit http://gerrit.cloudera.org:8080/settings Gerrit-Project: Impala-ASF Gerrit-Branch: master Gerrit-MessageType: comment Gerrit-Change-Id: I2d21c9cce3b91e8fd8b2b4f1cda75e3958c977d5 Gerrit-Change-Number: 10418 Gerrit-PatchSet: 1 Gerrit-Owner: Philip Zeyliger <phi...@cloudera.com> Gerrit-Reviewer: Joe McDonnell <joemcdonn...@cloudera.com> Gerrit-Comment-Date: Wed, 16 May 2018 18:19:00 +0000 Gerrit-HasComments: Yes