[ 
https://issues.apache.org/jira/browse/HADOOP-10428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13960273#comment-13960273
 ] 

Larry McCay commented on HADOOP-10428:
--------------------------------------

Good explanation for #1, Benoy. It is important to emphasize that
overwriting the char[] needs to be done in order to take advantage of the
narrower window.

For #2 - I'd like to further qualify your characterization of it - it is
not one password for all keystores in the entire system but the password to
be used by the client using the configuration to access the keystores
available to it. There can be a number of passwords used for the set of
keystores in a Hadoop cluster. The current configuration of a client is
used to access the keystores it has access to at that time.

A separate jira and discussion is perfectly reasonable for what you have in
mind.





>       JavaKeyStoreProvider should accept keystore password via configuration 
> falling back to ENV VAR
> -----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-10428
>                 URL: https://issues.apache.org/jira/browse/HADOOP-10428
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.0.0
>            Reporter: Alejandro Abdelnur
>            Assignee: Alejandro Abdelnur
>         Attachments: HADOOP-10428.patch, HADOOP-10428.patch, 
> HADOOP-10428.patch
>
>
> Currently the password for the {{JavaKeyStoreProvider}} must be set in an ENV 
> VAR.
> Allowing the password to be set via configuration enables applications to 
> interactively ask for the password before initializing the 
> {{JavaKeyStoreProvider}}.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
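
The narrower window discussed in the comment above, as an added example that is not part of the original message or the attached patches: the password is resolved from configuration with an environment-variable fallback, and the `char[]` is overwritten as soon as the keystore has been loaded. The key name, variable name, `Properties` stand-in for the configuration object and the PKCS12 store type are assumptions made for this sketch.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Properties;

public class KeystorePasswordWindow {
    // Hypothetical names; the page does not give the real config key or variable.
    static final String CONF_KEY = "example.keystore.password";
    static final String ENV_VAR = "EXAMPLE_KEYSTORE_PASSWORD";

    /** Configuration value first, environment variable as fallback. */
    static char[] resolvePassword(Properties conf) {
        String fromConf = conf.getProperty(CONF_KEY);
        if (fromConf != null) {
            return fromConf.toCharArray();
        }
        String fromEnv = System.getenv(ENV_VAR);
        return fromEnv == null ? null : fromEnv.toCharArray();
    }

    /** Loads the keystore and wipes the password array whether or not load succeeds. */
    static KeyStore load(byte[] keystoreBytes, char[] password) throws Exception {
        try {
            KeyStore ks = KeyStore.getInstance("PKCS12");
            ks.load(new ByteArrayInputStream(keystoreBytes), password);
            return ks;
        } finally {
            // Without this overwrite the array stays readable in the heap until it is collected.
            if (password != null) Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: an empty in-memory keystore with a throwaway password.
        char[] setup = "constructed-sample".toCharArray();
        KeyStore empty = KeyStore.getInstance("PKCS12");
        empty.load(null, null);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        empty.store(out, setup);
        Arrays.fill(setup, '\0');

        Properties conf = new Properties();
        conf.setProperty(CONF_KEY, "constructed-sample"); // constructed value
        char[] password = resolvePassword(conf);
        KeyStore ks = load(out.toByteArray(), password);
        System.out.println("entries=" + ks.size() + " wiped=" + (password[0] == '\0'));
    }
}
```

Only the `char[]` copy is wiped here; a value held as a `String` in the configuration or the environment is immutable and stays in memory, so the overwrite pays off most when the password arrives as a `char[]` in the first place, for example from `Console.readPassword()`.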
