Hadoop Common
  1. Hadoop Common
  2. HADOOP-10607

Create an API to Separate Credentials/Password Storage from Applications

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.6.0
    • Component/s: security
    • Labels:
      None

      Description

      As with the filesystem API, we need to provide a generic mechanism to support multiple credential storage mechanisms that are potentially from third parties.

      We need the ability to eliminate the storage of passwords and secrets in clear text within configuration files or within code.

      Toward that end, I propose an API that is configured using a list of URLs of CredentialProviders. The implementation will look for implementations using the ServiceLoader interface and thus support third party libraries.

      Two providers will be included in this patch. One using the credentials cache in MapReduce jobs and the other using Java KeyStores from either HDFS or local file system.

      A CredShell CLI will also be included in this patch which provides the ability to manage the credentials within the stores.

      1. 10607.patch
        56 kB
        Larry McCay
      2. 10607-10.patch
        67 kB
        Larry McCay
      3. 10607-11.patch
        68 kB
        Larry McCay
      4. 10607-12.patch
        69 kB
        Larry McCay
      5. 10607-2.patch
        56 kB
        Larry McCay
      6. 10607-3.patch
        56 kB
        Larry McCay
      7. 10607-4.patch
        56 kB
        Larry McCay
      8. 10607-5.patch
        56 kB
        Larry McCay
      9. 10607-6.patch
        60 kB
        Larry McCay
      10. 10607-7.patch
        60 kB
        Larry McCay
      11. 10607-8.patch
        60 kB
        Larry McCay
      12. 10607-9.patch
        60 kB
        Larry McCay
      13. 10607-branch-2.patch
        64 kB
        Larry McCay

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Larry McCay
              Reporter:
              Larry McCay
            • Votes:
              0 Vote for this issue
              Watchers:
              20 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development