Posted to common-issues@hadoop.apache.org by "Arun Suresh (JIRA)" <ji...@apache.org> on 2014/11/13 00:40:33 UTC
[jira] [Updated] (HADOOP-11300) KMS startup scripts must not display the keystore / truststore passwords
[ https://issues.apache.org/jira/browse/HADOOP-11300?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Arun Suresh updated HADOOP-11300:
---------------------------------
Description:
Sample output of the KMS startup scripts :
{noformat}
Setting KMS_HOME: /usr/lib/hadoop-kms
Using KMS_CONFIG: /var/run/kms-config/
Using KMS_LOG: /var/log/kms-log
Using KMS_TEMP: /var/run/kms-tmp/
Using KMS_HTTP_PORT: 16000
Using KMS_ADMIN_PORT: 16001
Using KMS_MAX_THREADS: 250
Using KMS_SSL_KEYSTORE_FILE: /etc/conf/kms-keystore.jks
Using KMS_SSL_KEYSTORE_PASS: keystorepass
Using CATALINA_BASE: /var/lib/kms/tomcat-deployment
Using KMS_CATALINA_HOME: /usr/lib/hadoop-kms/lib/bigtop-tomcat
Setting CATALINA_OUT: /var/log/kms-log/kms-catalina.out
Setting CATALINA_PID: /tmp/kms.pid
Using CATALINA_OPTS: ..... -Djavax.net.ssl.trustStorePassword=truststorepass ....
Adding to CATALINA_OPTS: -Dkms.home.dir=...... -Dkms.ssl.keystore.pass= keystorepass ....
{noformat}
The keystore password and truststore password are in clear text, which should be masked.
was:
Sample output of the KMS startup scripts :
{noformat}
Setting KMS_HOME: /usr/lib/hadoop-kms
Using KMS_CONFIG: /var/run/kms-config/
Using KMS_LOG: /var/log/kms-log
Using KMS_TEMP: /var/run/kms-tmp/
Using KMS_HTTP_PORT: 16000
Using KMS_ADMIN_PORT: 16001
Using KMS_MAX_THREADS: 250
Using KMS_SSL_KEYSTORE_FILE: /etc/conf/kms-keystore.jks
Using KMS_SSL_KEYSTORE_PASS: keystorepass
Using CATALINA_BASE: /var/lib/kms/tomcat-deployment
Using KMS_CATALINA_HOME: /usr/lib/hadoop-kms/lib/bigtop-tomcat
Setting CATALINA_OUT: /var/log/kms-log/kms-catalina.out
Setting CATALINA_PID: /tmp/kms.pid
Using CATALINA_OPTS: ..... -Djavax.net.ssl.trustStorePassword=truststorepass ....
Adding to CATALINA_OPTS: -Dkms.home.dir=...... -Dkms.ssl.keystore.pass= keystorepass ....
{noformat}
> KMS startup scripts must not display the keystore / truststore passwords
> ------------------------------------------------------------------------
>
> Key: HADOOP-11300
> URL: https://issues.apache.org/jira/browse/HADOOP-11300
> Project: Hadoop Common
> Issue Type: Bug
> Components: kms
> Reporter: Arun Suresh
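One way a startup script could mask these values before echoing them, as an added example that is not part of the original message and not the Hadoop KMS scripts' own code. The function names are hypothetical, and the -Xmx1g and kms.home.dir values in the demo are constructed.

```shell
#!/bin/sh
# Added example: hypothetical helpers, not taken from the Hadoop KMS scripts.

# Redact the value of every -D<name>=<value> Java system property whose name
# ends in "pass" or "password" (any case). A space after "=" is tolerated
# because the sample output above shows "-Dkms.ssl.keystore.pass= keystorepass";
# for an empty value this can swallow the next token, which errs toward
# over-redaction rather than leaking.
mask_java_opts() {
  printf '%s\n' "$1" | sed -E \
    's/(-D[A-Za-z0-9_.]*[Pp][Aa][Ss][Ss]([Ww][Oo][Rr][Dd])?=)[[:space:]]*[^[:space:]]*/\1***/g'
}

# Print "Using NAME: value" the way the startup output does, but never echo
# the value of a variable whose name marks it as a secret, and scrub
# JVM option strings before they are printed.
print_setting() {
  name=$1
  value=$2
  case $name in
    *PASS|*PASSWORD|*SECRET) value='***' ;;
    *OPTS) value=$(mask_java_opts "$value") ;;
  esac
  printf 'Using %s: %s\n' "$name" "$value"
}

# Constructed sample settings modelled on the output quoted in the issue.
demo() {
  print_setting KMS_SSL_KEYSTORE_FILE /etc/conf/kms-keystore.jks
  print_setting KMS_SSL_KEYSTORE_PASS keystorepass
  print_setting CATALINA_OPTS "-Xmx1g -Djavax.net.ssl.trustStorePassword=truststorepass -Dkms.ssl.keystore.pass= keystorepass -Dkms.home.dir=/usr/lib/hadoop-kms"
}

demo
```

Masking the echoed output only protects the console and the log file that captures it; a password passed to the JVM as a -D option remains visible in the process command line to local users.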