How to handle clear text password - hadoop credential Command

Hi Team,

I need to use a clear text password for HDP components. How do I do that, and what is the command to achieve the same hdfs

@suresh krish

What do you mean by handle clear text passwords?

If you want to protect passwords in configuration files and not leave them in clear text on disk, then you can use the credential provider API: https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-common/CredentialProviderAPI.html

You can create a jceks key and store your passwords in it and reference them in your conf file. The keystore can be stored on HDFS to be accessible for all nodes, or locally (to avoid closed loops).

Is this what you are looking for?


Yes, correct. Getting the below error:

[hdfs@nn1 ~]$ hadoop credential create ssl.server.keystore.password -value 123 -provider localjceks://user/hdfs/hdfs.jceks
java.lang.IllegalArgumentException: URI scheme is not "file"
    at java.io.File.<init>(File.java:421)
    at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.initFileSystem(LocalJavaKeyStoreProvider.java:128)
    at org.apache.hadoop.security.alias.AbstractJavaKeyStoreProvider.<init>(AbstractJavaKeyStoreProvider.java:82)
    at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.<init>(LocalJavaKeyStoreProvider.java:58)
    at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider.<init>(LocalJavaKeyStoreProvider.java:50)
    at org.apache.hadoop.security.alias.LocalJavaKeyStoreProvider$Factory.createProvider(LocalJavaKeyStoreProvider.java:177)
    at org.apache.hadoop.security.alias.CredentialProviderFactory.getProviders(CredentialProviderFactory.java:58)
    at org.apache.hadoop.security.alias.CredentialShell$Command.getCredentialProvider(CredentialShell.java:176)
    at org.apache.hadoop.security.alias.CredentialShell$CreateCommand.validate(CredentialShell.java:338)
    at org.apache.hadoop.security.alias.CredentialShell.run(CredentialShell.java:67)
    at org.apache.hadoop.util.ToolRunner.run(ToolRunner.java:76)
    at org.apache.hadoop.security.alias.CredentialShell.main(CredentialShell.java:442)


@suresh krish

What are you trying to use? A keystore on HDFS or a local one?

You can read the following in the doc:

The JavaKeyStoreProvider, which is represented by the provider URI jceks://file|hdfs/path-to-keystore, is used to retrieve credentials from a Java keystore. The underlying use of the Hadoop filesystem abstraction allows credentials to be stored on the local filesystem or within HDFS.

and

The LocalJavaKeyStoreProvider, which is represented by the provider URI localjceks://file/path-to-keystore, is used to access credentials from a Java keystore that is must be stored on the local filesystem.

You are using localjceks, so your URI should be localjceks://file/path-to-your-jceks. The file keyword is important. Also, the /user/hdfs in this case is a local path, so it should exist in your OS. If you want to use HDFS, then you need jceks and the URI jceks://hdfs/path-to-your-file
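
The URI rule from the answer above, as an added example that is not part of the original thread or of Hadoop itself: a shell check that rejects a malformed provider URI before `hadoop credential` is called. The function names `provider_uri_kind` and `create_credential` are hypothetical, and only the two URI forms quoted from the doc (`file` and `hdfs`) are accepted.

```shell
#!/bin/sh
# Added example: validate a credential provider URI, then create the alias.

# Prints "local" or "hdfs" for a well-formed URI; returns 1 otherwise.
provider_uri_kind() {
    uri=$1
    case $uri in
        localjceks://*) scheme=localjceks ;;
        jceks://*)      scheme=jceks ;;
        *) echo "unsupported scheme: $uri" >&2; return 1 ;;
    esac
    rest=${uri#*://}      # e.g. file/user/hdfs/hdfs.jceks
    case $rest in
        */?*) ;;          # needs "<store>/<path>"
        *) echo "missing keystore path: $uri" >&2; return 1 ;;
    esac
    store=${rest%%/*}     # first component after "://": file or hdfs
    case "$scheme:$store" in
        localjceks:file|jceks:file) echo local ;;
        jceks:hdfs|jceks:hdfs@*)    echo hdfs ;;
        localjceks:*)
            # The case from the question: localjceks://user/hdfs/... puts
            # "user" where the provider expects the literal word "file".
            echo "localjceks needs localjceks://file/<path>: $uri" >&2
            return 1 ;;
        *) echo "expected file or hdfs after '://': $uri" >&2; return 1 ;;
    esac
}

# Usage: create_credential <alias> <provider-uri>
create_credential() {
    alias_name=$1
    provider=$2
    provider_uri_kind "$provider" >/dev/null || return 1
    # -value is left out on purpose: the command then prompts for the
    # secret, which keeps it out of shell history and the process list.
    hadoop credential create "$alias_name" -provider "$provider"
}
```

For instance, `create_credential ssl.server.keystore.password localjceks://file/user/hdfs/hdfs.jceks` passes the check, while the URI from the question is rejected before Hadoop is started.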