  1. Hadoop Common
  2. HADOOP-11300

KMS startup scripts must not display the keystore / truststore passwords

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.7.0
    • Component/s: kms
    • Labels:
      None
    • Target Version/s:

      Description

      Sample output of the KMS startup scripts:

      Setting KMS_HOME:          /usr/lib/hadoop-kms
      Using   KMS_CONFIG:        /var/run/kms-config/
      Using   KMS_LOG:           /var/log/kms-log
      Using   KMS_TEMP:           /var/run/kms-tmp/
      Using   KMS_HTTP_PORT:     16000
      Using   KMS_ADMIN_PORT:     16001
      Using   KMS_MAX_THREADS:     250
      Using   KMS_SSL_KEYSTORE_FILE:     /etc/conf/kms-keystore.jks
      Using   KMS_SSL_KEYSTORE_PASS:     keystorepass
      Using   CATALINA_BASE:       /var/lib/kms/tomcat-deployment
      Using   KMS_CATALINA_HOME:       /usr/lib/hadoop-kms/lib/bigtop-tomcat
      Setting CATALINA_OUT:        /var/log/kms-log/kms-catalina.out
      Setting CATALINA_PID:        /tmp/kms.pid
      
      Using   CATALINA_OPTS:       ..... -Djavax.net.ssl.trustStorePassword=truststorepass ....
      Adding to CATALINA_OPTS:     -Dkms.home.dir=......  -Dkms.ssl.keystore.pass= keystorepass ....
      

      The keystore password and truststore password are in clear text, which should be masked.
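
The following is an added example, not part of the issue or of the attached patches: a shell filter that redacts password values before a startup script prints them, plus a check that finds lines still leaking one. The function names `sample_output`, `mask_secrets` and `find_exposed_secrets` are hypothetical, and the sample lines are taken from the output quoted above.

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical and not part of kms.sh.

# Lines taken from the sample output in the issue description
# ("keystorepass" / "truststorepass" are the issue's own placeholder values).
sample_output() {
  cat <<'EOF'
Using   KMS_HTTP_PORT:     16000
Using   KMS_SSL_KEYSTORE_FILE:     /etc/conf/kms-keystore.jks
Using   KMS_SSL_KEYSTORE_PASS:     keystorepass
Using   CATALINA_OPTS:       ..... -Djavax.net.ssl.trustStorePassword=truststorepass ....
Adding to CATALINA_OPTS:     -Dkms.home.dir=......  -Dkms.ssl.keystore.pass= keystorepass ....
EOF
}

# Filter stdin to stdout, replacing secret values with a fixed-width mask
# (fixed width so the mask does not reveal the password length):
#   -D<name>=<value>           where <name> contains "pass" in any case
#   Using|Setting <VAR>: ...   where <VAR> contains "PASS"
# Whitespace after "=" is tolerated because the sample shows "pass= keystorepass".
# With an empty value this can redact the following token instead, which errs
# on the safe side.
mask_secrets() {
  sed -E \
    -e 's/(-D[^ =]*[Pp][Aa][Ss][Ss][^ =]*=)[[:space:]]*[^[:space:]]+/\1*****/g' \
    -e 's/^([[:space:]]*(Using|Setting)[[:space:]]+[A-Za-z0-9_]*PASS[A-Za-z0-9_]*:[[:space:]]+).*$/\1*****/'
}

# Print, with line numbers, every line of stdin that still carries an
# unmasked value. Exit status 0 means a leak was found, 1 means clean.
find_exposed_secrets() {
  grep -nE '(-D[^ =]*[Pp][Aa][Ss][Ss][^ =]*=[[:space:]]*[^*[:space:]]|[A-Za-z0-9_]*PASS[A-Za-z0-9_]*:[[:space:]]+[^*[:space:]])'
}

echo "--- lines leaking a secret in the raw output:"
sample_output | find_exposed_secrets
echo "--- output after masking:"
sample_output | mask_secrets
```

Masking covers only what the script prints: options placed in CATALINA_OPTS are still passed on the JVM command line, where the process listing shows them.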

        Attachments

        1. HADOOP-11300.1.patch
          3 kB
          Arun Suresh
        2. HADOOP-11300.2.patch
          16 kB
          Arun Suresh

              People

              • Assignee:
                asuresh Arun Suresh
                Reporter:
                asuresh Arun Suresh