[ https://issues.apache.org/jira/browse/ACCUMULO-1009?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13772036#comment-13772036 ]

Michael Berman commented on ACCUMULO-1009:
------------------------------------------

I'll start versioning my patches.

I wasn't thinking CertUtils would be the final interface to cert provisioning; 
I just provided that for our MAC testing and to bootstrap other developers 
trying out my patch.  As it is, it doesn't really do anything that keytool 
doesn't do, but my intention is that there would be another layer of tool on 
top of it that helps with the cluster management aspects.  So, you run 
{{accumulo init-ssl}} for the first time on one machine, and it generates all 
the certs, and sticks the root on HDFS somewhere.  Then, if you run init-ssl on 
another node, it copies the root to the local system, cuts a fresh private key 
off of it, and sticks both in the default locations.  The instance secret is 
also used as the keystore password, and the location in HDFS for the keystore 
is well known given an instance name, so there doesn't need to be any human 
intervention to cut new private keys for each new node, apart from running the 
script, assuming you're using all the defaults.  Of course, all of this would 
be optional; you can always stick in arbitrary keys from arbitrary sources.

WRT MAC, not only do I feel comfortable supporting it, I think it's super 
valuable for others to be able to test their own apps against SSL-enabled 
Accumulo.

I'm fine getting rid of the sslEnabled constructors.

I think the proxy needs to support SSL on both sides.  A subticket definitely 
makes sense to me.
                
> Support encryption over the wire
> --------------------------------
>
>                 Key: ACCUMULO-1009
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-1009
>             Project: Accumulo
>          Issue Type: New Feature
>            Reporter: Keith Turner
>            Assignee: Michael Berman
>             Fix For: 1.6.0
>
>         Attachments: ACCUMULO-1009_thriftSsl.patch
>
>
> Need to support encryption between ACCUMULO clients and servers.  Also need 
> to encrypt communications between server and servers.   
> Basically need to make it possible for users to enable SSL+thrift.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira