Uploaded image for project: 'Hadoop Common'
  1. Hadoop Common
  2. HADOOP-10607

Create an API to Separate Credentials/Password Storage from Applications

    XMLWordPrintableJSON

Details

    • New Feature
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 2.6.0
    • security
    • None

    Description

      As with the filesystem API, we need to provide a generic mechanism to support multiple credential storage mechanisms that are potentially from third parties.

      We need the ability to eliminate the storage of passwords and secrets in clear text within configuration files or within code.

      Toward that end, I propose an API that is configured using a list of URLs of CredentialProviders. The implementation will look for implementations using the ServiceLoader interface and thus support third party libraries.

      Two providers will be included in this patch. One using the credentials cache in MapReduce jobs and the other using Java KeyStores from either HDFS or local file system.

      A CredShell CLI will also be included in this patch which provides the ability to manage the credentials within the stores.

      Attachments

        1. 10607.patch
          56 kB
          Larry McCay
        2. 10607-10.patch
          67 kB
          Larry McCay
        3. 10607-11.patch
          68 kB
          Larry McCay
        4. 10607-12.patch
          69 kB
          Larry McCay
        5. 10607-2.patch
          56 kB
          Larry McCay
        6. 10607-3.patch
          56 kB
          Larry McCay
        7. 10607-4.patch
          56 kB
          Larry McCay
        8. 10607-5.patch
          56 kB
          Larry McCay
        9. 10607-6.patch
          60 kB
          Larry McCay
        10. 10607-7.patch
          60 kB
          Larry McCay
        11. 10607-8.patch
          60 kB
          Larry McCay
        12. 10607-9.patch
          60 kB
          Larry McCay
        13. 10607-branch-2.patch
          64 kB
          Larry McCay

        Issue Links

          is depended upon by

          Bug - A problem which impairs or prevents the functions of the product. SLIDER-263 AM should no longer persist keystore password

          • Major - Major loss of function.
          • Resolved

          New Feature - A new feature of the product, which has yet to be developed. SLIDER-254 Use hadoop CredentialProvider for sensitive configs

          • Major - Major loss of function.
          • Resolved
          is related to

          Bug - A problem which impairs or prevents the functions of the product. HIVE-19746 Hadoop credential provider allows to read passwords for every user

          • Blocker - Blocks development and/or testing work, production could not run
          • Open

          New Feature - A new feature of the product, which has yet to be developed. HADOOP-9534 Credential Management Framework (CMF)

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HIVE-7175 Provide password file option to beeline

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-10829 Iteration on CredentialProviderFactory.serviceLoader is thread-unsafe

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-10831 UserProvider is not thread safe

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-10904 Provide Alt to Clear Text Passwords through Cred Provider API

          • Major - Major loss of function.
          • Resolved

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-10141 Create an API to separate encryption key storage from applications

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. HADOOP-10830 Missing lock in JavaKeyStoreProvider.createCredentialEntry

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. HIVE-7634 Use Configuration.getPassword() if available to eliminate passwords from hive-site.xml

          • Major - Major loss of function.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. ACCUMULO-2464 Trace user password required in plaintext in accumulo-site.xml

          • Major - Major loss of function.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-10834 Typo in CredentialShell usage

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. HADOOP-10833 Remove unused cache in UserProvider

          • Major - Major loss of function.
          • Closed

          Activity

            People

              lmccay Larry McCay
              lmccay Larry McCay
              Votes:
              0 Vote for this issue
              Watchers:
              21 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: