Daemeon, Can you, please, give me a bit of beef to your idea? I'm not sure I'm fully on board here.
Thanks, Oleg On Thu, Jan 14, 2016 at 4:52 PM, daemeon reiydelle <daeme...@gmail.com> wrote: > The keys don't have to be on the box. You do need a logi/password for c*. > > sent from my mobile > Daemeon C.M. Reiydelle > USA 415.501.0198 > London +44.0.20.8144.9872 > On Jan 14, 2016 5:16 PM, "oleg yusim" <olegyu...@gmail.com> wrote: > >> Greetings, >> >> Guys, can you please help me to understand following: >> >> I'm reading through the way keystore and truststore are implemented, and >> it is all fine and great, but at the end Cassandra documentation >> instructing to extract all the keystore content and leave all certs and >> keys in a clear. >> >> Do I miss something here? Why are we doing it? What is the point to even >> have a keystore then? It doesn't look very secure to me... >> >> Another item - cassandra.yaml has passwords from keystore and truststore >> - clear text... what is the point to have these stores then, if passwords >> are out? >> >> Thanks, >> >> Oleg >> >