[
https://issues.apache.org/jira/browse/HADOOP-13987?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15824669#comment-15824669
]
Larry McCay commented on HADOOP-13987:
--------------------------------------
Ahhh - I did misinterpret the load precedence as the load order which would
have the opposite effect.
bq. Totally agree with you on that the proposal increases the complexity and
the risk of misconfiguration. I am ok with Won't Fix or better docs if you
don't think the convenience of specifying SSL secrets in one central cred
provider along with other secrets outweighs the downsides.
This is a tough call in my mind. If we can articulate the complexities of
testing the SSL configuration across multiple machines with a central provider
path then maybe we can put some tests in place to justify it. Otherwise, I
would leave it as is. I can't say that am giving this a lot of cycles at the
moment - so maybe it isn't as complex an issue as it seems.
> Enhance SSLFactory support for Credential Provider
> --------------------------------------------------
>
> Key: HADOOP-13987
> URL: https://issues.apache.org/jira/browse/HADOOP-13987
> Project: Hadoop Common
> Issue Type: Improvement
> Components: security
> Affects Versions: 2.6.0
> Reporter: John Zhuge
> Assignee: John Zhuge
>
> Testing CredentialProvider with KMS: populated the credentials file, added
> "hadoop.security.credential.provider.path" to core-site.xml, but "hadoop key
> list" failed due to incorrect password. So I added
> "hadoop.security.credential.provider.path" to ssl-client.xml, "hadoop key
> list" worked!
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
