[GitHub] zeppelin pull request #1881: ZEPPELIN-1935 Add jceks stored password support...

Tue, 10 Jan 2017 05:39:08 -0800 

GitHub user r-kamath opened a pull request:

    https://github.com/apache/zeppelin/pull/1881

    ZEPPELIN-1935 Add jceks stored password support for jdbc interpreter

    ### What is this PR for?
    Add support for jceks stored password instead of using password in clear 
text. This security enhancement prevents any user from reading clear passwords 
from interpreter json using shell/py/spark etc. #1315 is the parent PR which 
fixed similar a issue in Active Directory (shiro.ini config).
    
    ### What type of PR is it?
    Improvement
    
    ### Todos
    
    ### What is the Jira issue?
    ZEPPELIN-1935
    
    ### How should this be tested?
    Create a keystore file using the hadoop credential commandline, for this 
the hadoop commons should be in the classpath.
    
    `hadoop credential create jdbc.password -provider 
jceks://file/user/zeppelin/conf/zeppelin.jceks`
    
    Use the jceks file and the key to configure jdbc interpreter. Example 
interpreter setting:
    
    ```
    default.driver      org.postgresql.Driver
    default.jceks.credentialKey jdbc.password
    default.jceks.file  jceks://file/tmp/zeppelin.jceks
    default.url jdbc:postgresql://rkamath-local-1:5432/
    default.user        rk-user
    ```
    
    ### Screenshots (if appropriate)
    <img width="1392" alt="screen shot 2017-01-10 at 7 02 12 pm" 
src="https://cloud.githubusercontent.com/assets/2031306/21808016/5e602982-d767-11e6-88f9-3d15b9a7f0b8.png";>
    
    
    
    ### Questions:
    * Does the licenses files need update? no
    * Is there breaking changes for older versions? no
    * Does this needs documentation? yes


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/r-kamath/zeppelin ZEPPELIN-1935

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zeppelin/pull/1881.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1881
    
----
commit d41d56c70d588cf8ecb3f3162d78e3fbe011ddad
Author: Renjith Kamath <renjith.kam...@gmail.com>
Date:   2017-01-10T13:22:16Z

    ZEPPELIN-1935 Add jceks stored password support for jdbc interpreter

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to