  1. Hadoop Common
  2. HADOOP-11300

KMS startup scripts must not display the keystore / truststore passwords


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.7.0
    • Component/s: kms
    • Labels: None

    Description

      Sample output of the KMS startup scripts:

      Setting KMS_HOME:          /usr/lib/hadoop-kms
      Using   KMS_CONFIG:        /var/run/kms-config/
      Using   KMS_LOG:           /var/log/kms-log
      Using   KMS_TEMP:           /var/run/kms-tmp/
      Using   KMS_HTTP_PORT:     16000
      Using   KMS_ADMIN_PORT:     16001
      Using   KMS_MAX_THREADS:     250
      Using   KMS_SSL_KEYSTORE_FILE:     /etc/conf/kms-keystore.jks
      Using   KMS_SSL_KEYSTORE_PASS:     keystorepass
      Using   CATALINA_BASE:       /var/lib/kms/tomcat-deployment
      Using   KMS_CATALINA_HOME:       /usr/lib/hadoop-kms/lib/bigtop-tomcat
      Setting CATALINA_OUT:        /var/log/kms-log/kms-catalina.out
      Setting CATALINA_PID:        /tmp/kms.pid
      
      Using   CATALINA_OPTS:       ..... -Djavax.net.ssl.trustStorePassword=truststorepass ....
      Adding to CATALINA_OPTS:     -Dkms.home.dir=......  -Dkms.ssl.keystore.pass= keystorepass ....
      

      The keystore password and truststore password are in clear text, which should be masked.
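
One way a startup script can mask these values before echoing them, added here as an example; it is not the HADOOP-11300 patch or code from the Hadoop project. The helper names `mask_opts` and `print_setting` and the sample values in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not the project's code): hide secrets
# in the settings a startup script prints.

# mask_opts STRING
# Replace the value of every -D<property>=<value> token whose property name
# contains "pass" (any case) with ***. Other tokens are left untouched.
# Assumes values contain no whitespace, as in the output shown above.
mask_opts() {
  printf '%s\n' "$1" |
    sed -E 's/(-D[^[:space:]=]*[Pp][Aa][Ss][Ss][^[:space:]=]*=)[^[:space:]]*/\1***/g'
}

# print_setting NAME VALUE
# Print one "Using NAME: VALUE" line. Variables whose name contains PASS are
# never printed; *_OPTS variables are printed with -D secrets masked.
print_setting() {
  case "$1" in
    *PASS*|*pass*) printf 'Using   %s: %s\n' "$1" '***' ;;
    *_OPTS)        printf 'Using   %s: %s\n' "$1" "$(mask_opts "$2")" ;;
    *)             printf 'Using   %s: %s\n' "$1" "$2" ;;
  esac
}

# Demo with constructed values modelled on the sample output above.
KMS_HTTP_PORT=16000
KMS_SSL_KEYSTORE_PASS=keystorepass
CATALINA_OPTS="-Djavax.net.ssl.trustStorePassword=truststorepass \
-Dkms.home.dir=/usr/lib/hadoop-kms -Dkms.ssl.keystore.pass=${KMS_SSL_KEYSTORE_PASS}"

print_setting KMS_HTTP_PORT "$KMS_HTTP_PORT"
print_setting KMS_SSL_KEYSTORE_PASS "$KMS_SSL_KEYSTORE_PASS"
print_setting CATALINA_OPTS "$CATALINA_OPTS"
```

Masking the echoed line only protects the console and the log file it is redirected to. A password passed as a `-D` argument is still part of the JVM command line and remains visible to local users through `ps`.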

      Attachments

        1. HADOOP-11300.1.patch
          3 kB
          Arun Suresh
        2. HADOOP-11300.2.patch
          16 kB
          Arun Suresh

            People

              Assignee: Arun Suresh (asuresh)
              Reporter: Arun Suresh (asuresh)
              Votes: 0
              Watchers: 6
