[ https://issues.apache.org/jira/browse/HADOOP-15855?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16650972#comment-16650972 ]

Larry McCay commented on HADOOP-15855:
--------------------------------------

{code}

+To wrap a filesystem URIs with a `jceks` URI follow the following steps: + +1. 
Take a filesystem URI such as `hdfs://namenode:9001/users/alice/secrets.jceks` 
+1. Place `jceks://` in front of the URL: 
`jceks://hdfs://namenode:9001/users/alice/secrets.jceks` +1. Replace the second 
`://` string with an `@` symbol: 
`jceks://hdfs@namenode:9001/users/alice/secrets.jceks` +

{code}
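
Review bot: Step 2 says "in front of the URL" while the intro sentence and step 1 say "URI"; use "URI" throughout so the reader does not wonder whether two different things are meant, and shorten "follow the following steps" to "follow these steps". The only worked case is an `hdfs://` URI with a host and port, so it is worth adding a sentence or a second example for a filesystem URI that has nothing between `://` and the path, since step 3's `@` replacement is not obviously right there.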

s/a filesystem URIs/filesystem URIs/

{code}

It is also limited to PKI keypairs.

{code}

The above needs to be reverified with modern JDK versions of keytool.

{code}

Editors will not review the secrets stored within the keystore, nor will `cat`, 
`more` or any other standard tools. This is why the keystore providers are 
better than "side file" storage of credentials.

{code}

s/will not review/will not reveal/

Otherwise, looks good to me!

 

> Review hadoop credential doc, including object store details
> ------------------------------------------------------------
>
>                 Key: HADOOP-15855
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15855
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: documentation, security
>    Affects Versions: 3.2.0
>            Reporter: Steve Loughran
>            Assignee: Steve Loughran
>            Priority: Minor
>         Attachments: HADOOP-15855-001.patch
>
>
> I've got some changes to make to the hadoop credentials API doc; some minor 
> editing and examples of credential paths in object stores with some extra 
> details (i.e. how you can't refer to a store from the same store URI).
> These examples need to come with unit tests to verify that the examples are 
> correct, obviously.


