[HADOOP-11300] KMS startup scripts must not display the keystore / truststore passwords - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 2.6.0
Fix Version/s: 2.7.0
Component/s: kms
Labels:
None

Target Version/s:

2.7.0

Description

Sample output of the KMS startup scripts :

Setting KMS_HOME:          /usr/lib/hadoop-kms
Using   KMS_CONFIG:        /var/run/kms-config/
Using   KMS_LOG:           /var/log/kms-log
Using   KMS_TEMP:           /var/run/kms-tmp/
Using   KMS_HTTP_PORT:     16000
Using   KMS_ADMIN_PORT:     16001
Using   KMS_MAX_THREADS:     250
Using   KMS_SSL_KEYSTORE_FILE:     /etc/conf/kms-keystore.jks
Using   KMS_SSL_KEYSTORE_PASS:     keystorepass
Using   CATALINA_BASE:       /var/lib/kms/tomcat-deployment
Using   KMS_CATALINA_HOME:       /usr/lib/hadoop-kms/lib/bigtop-tomcat
Setting CATALINA_OUT:        /var/log/kms-log/kms-catalina.out
Setting CATALINA_PID:        /tmp/kms.pid

Using   CATALINA_OPTS:       ..... -Djavax.net.ssl.trustStorePassword=truststorepass ....
Adding to CATALINA_OPTS:     -Dkms.home.dir=......  -Dkms.ssl.keystore.pass= keystorepass ....

The keystore password and truststore password are in clear text.. which should be masked

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HADOOP-11300.2.patch
14/Nov/14 10:08
16 kB
Arun Suresh
HADOOP-11300.1.patch
12/Nov/14 23:49
3 kB
Arun Suresh

Issue Links

is related to

HADOOP-10788 Rewrite kms to use new shell framework

Resolved

Activity

People

Assignee:: Arun Suresh

Reporter:: Arun Suresh

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 12/Nov/14 23:39

Updated:: 10/Apr/15 20:04

Resolved:: 25/Nov/14 23:12