Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to handle clear text password - hadoop credential Command

Highlighted

How to handle clear text password - hadoop credential Command

Explorer

Hi Team,

I need to use Clear text password for HDP components. How to do that and what is the command to achieve the same hdfs

3 REPLIES 3
Highlighted

Re: How to handle clear text password - hadoop credential Command

@suresh krish

What do you mean by handle clear text passwords ?

If you want to protect passwords in configuration files and don't let them clear text on disque then you can use the credential provider api https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html

You can create a jckes key and store your passwords on it and reference them in your conf file. The keystore can be stored on hdfs to be accessible for all nodes or local (to avoid closed loops)

Is this what you are looking for?

Re: How to handle clear text password - hadoop credential Command

Explorer

Yes correct. getting bellow error

[hdfs@nn1 ~]$ hadoop credential create ssl.server.keystore.password -value 123 -provider localjceks://user/hdfs/hdfs.jceks java.lang.IllegalArgumentException: URI scheme is not "file" at java.io.File.<init>(File.java:421) at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.initFileSystem(LocalJavaKeyStoreProvider.java:128) at org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.<init>(AbstractJavaKeyStoreProvider.java:82) at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.<init>(LocalJavaKeyStoreProvider.java:58) at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.<init>(LocalJavaKeyStoreProvider.java:50) at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider$Factory.createProvider(LocalJavaKeyStoreProvider.java:177) at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58) at org.apache.hadoop.security.alias.CredentialShell$Command.getCredentialProvider(CredentialShell.java:176) at org.apache.hadoop.security.alias.CredentialShell$CreateCommand.validate(CredentialShell.java:338) at org.apache.hadoop.security.alias.CredentialShell.run(CredentialShell.java:67) at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76) at org.apache.hadoop.security.alias.CredentialShell.main(CredentialShell.java:442)

Highlighted

Re: How to handle clear text password - hadoop credential Command

@suresh krish

What are you trying to use? Keystore on HDFS or in local ?

You can read in the doc the following :

The JavaKeyStoreProvider, which is represented by the provider URI jceks://file|hdfs/path-to-keystore, is used to retrieve credentials from a Java keystore. The underlying use of the Hadoop filesystem abstraction allows credentials to be stored on the local filesystem or within HDFS.

and

The LocalJavaKeyStoreProvider, which is represented by the provider URI localjceks://file/path-to-keystore, is used to access credentials from a Java keystore that is must be stored on the local filesystem.

You are using localjceks. So your URI should be localjceks://file/path-to-your-jceks. The file keyword is important. Also, the /user/hdfs in this case is a local so it should exist in your OS. If you want to use HDFS then you need jceks and URI jceks://hdfs/path-to-your-file

Don't have an account?
Coming from Hortonworks? Activate your account here