[ https://issues.apache.org/jira/browse/SLIDER-263?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14187776#comment-14187776 ]

Jonathan Maron commented on SLIDER-263:
---------------------------------------

I'm starting to think that this is actually unnecessary.

Currently, when the AM starts, it generates a keystore password randomly and 
maintains it in memory.  Elements that require access to the keystore (SSL 
related classes) request the password from SecurityUtils.  If the AM restarts, 
the keystore, password, etc. are regenerated and, if two-way SSL is enabled for 
agent-AM communication, the new certificate is retrieved by the agents to 
re-establish communication.  So the keystore password actually never even needs 
to be persisted since it is only required for the life of the given AM instance.

I think I'll simply modify the existing implementation to not persist the 
password to a file - there is no need.  Similarly, there is no need to persist 
the password to a credential provider.

> leverage CredentialProvider for password and possibly passphrase retrieval 
> for agent SSL communication
> ------------------------------------------------------------------------------------------------------
>
>                 Key: SLIDER-263
>                 URL: https://issues.apache.org/jira/browse/SLIDER-263
>             Project: Slider
>          Issue Type: Bug
>            Reporter: Jonathan Maron
>            Assignee: Jonathan Maron
>             Fix For: Slider 0.60
>
>
> Much like the Accumulo approach in SLIDER-254, look at using the credential 
> provider in the context of establishing SSL communication between the App 
> Master and agents in spawned containers.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
