[
https://issues.apache.org/jira/browse/HADOOP-10607?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14065278#comment-14065278
]
Andrew Wang commented on HADOOP-10607:
--------------------------------------
Hey guys, few q's and comments:
* Why was this merged to branch-2? AFAIK this isn't being used by any Hadoop
components yet, so it doesn't belong in a release branch. I'd like to revert it
out of branch-2 until there is such a consumer.
* CredentialShell is using the double dash style for flags. I'm going to
broaden the scope of HADOOP-10793 to fix this for both KeyShell and
CredentialShell.
* Larry, I think your IDE is auto-wrapping with tabs. I think this is default
behavior with Eclipse. Another thing you can do is configure `git diff` to
highlight whitespace errors like these for the future. Maybe we can fix some of
these tabs in HADOOP-10793 too, or in a new JIRA. Normally I'm against
whitespace only changes, but this is mostly new code so there's little chance
of conflicts.
> Create an API to Separate Credentials/Password Storage from Applications
> ------------------------------------------------------------------------
>
> Key: HADOOP-10607
> URL: https://issues.apache.org/jira/browse/HADOOP-10607
> Project: Hadoop Common
> Issue Type: New Feature
> Components: security
> Reporter: Larry McCay
> Assignee: Larry McCay
> Fix For: 3.0.0, 2.6.0
>
> Attachments: 10607-10.patch, 10607-11.patch, 10607-12.patch,
> 10607-2.patch, 10607-3.patch, 10607-4.patch, 10607-5.patch, 10607-6.patch,
> 10607-7.patch, 10607-8.patch, 10607-9.patch, 10607-branch-2.patch, 10607.patch
>
>
> As with the filesystem API, we need to provide a generic mechanism to support
> multiple credential storage mechanisms that are potentially from third
> parties.
> We need the ability to eliminate the storage of passwords and secrets in
> clear text within configuration files or within code.
> Toward that end, I propose an API that is configured using a list of URLs of
> CredentialProviders. The implementation will look for implementations using
> the ServiceLoader interface and thus support third party libraries.
> Two providers will be included in this patch. One using the credentials cache
> in MapReduce jobs and the other using Java KeyStores from either HDFS or
> local file system.
> A CredShell CLI will also be included in this patch which provides the
> ability to manage the credentials within the stores.
--
This message was sent by Atlassian JIRA
(v6.2#6252)
