Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How to handle clear text password - hadoop credential Command

avatar
Rising Star

Hi Team,

I need to use Clear text password for HDP components. How to do that and what is the command to achieve the same hdfs

3 REPLIES 3

avatar

@suresh krish

What do you mean by handle clear text passwords ?

If you want to protect passwords in configuration files and don't let them clear text on disque then you can use the credential provider api https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html

You can create a jckes key and store your passwords on it and reference them in your conf file. The keystore can be stored on hdfs to be accessible for all nodes or local (to avoid closed loops)

Is this what you are looking for?

avatar
Rising Star

Yes correct. getting bellow error

[hdfs@nn1 ~]$ hadoop credential create ssl.server.keystore.password -value 123 -provider localjceks://user/hdfs/hdfs.jceks java.lang.IllegalArgumentException: URI scheme is not "file" at java.io.File.<init>(File.java:421) at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.initFileSystem(LocalJavaKeyStoreProvider.java:128) at org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.<init>(AbstractJavaKeyStoreProvider.java:82) at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.<init>(LocalJavaKeyStoreProvider.java:58) at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.<init>(LocalJavaKeyStoreProvider.java:50) at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider$Factory.createProvider(LocalJavaKeyStoreProvider.java:177) at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58) at org.apache.hadoop.security.alias.CredentialShell$Command.getCredentialProvider(CredentialShell.java:176) at org.apache.hadoop.security.alias.CredentialShell$CreateCommand.validate(CredentialShell.java:338) at org.apache.hadoop.security.alias.CredentialShell.run(CredentialShell.java:67) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76) at org.apache.hadoop.security.alias.CredentialShell.main(CredentialShell.java:442)

avatar

@suresh krish

What are you trying to use? Keystore on HDFS or in local ?

You can read in the doc the following :

The JavaKeyStoreProvider, which is represented by the provider URI jceks://file|hdfs/path-to-keystore, is used to retrieve credentials from a Java keystore. The underlying use of the Hadoop filesystem abstraction allows credentials to be stored on the local filesystem or within HDFS.

and

The LocalJavaKeyStoreProvider, which is represented by the provider URI localjceks://file/path-to-keystore, is used to access credentials from a Java keystore that is must be stored on the local filesystem.

You are using localjceks. So your URI should be localjceks://file/path-to-your-jceks. The file keyword is important. Also, the /user/hdfs in this case is a local so it should exist in your OS. If you want to use HDFS then you need jceks and URI jceks://hdfs/path-to-your-file