Removing Clear-Text Passwords After Upgrade

Upon upgrade to release 7.0.0 or later, any clear-text passwords that existed in ssl-client.xml and ssl-server.xml in a pre-7.0.0 release are preserved by default. Remove these passwords by using a configure.sh command option.

Preserving the clear-text passwords during an upgrade maintains backward compatibility for any existing custom applications that rely on the passwords. However, data-fabric core components do not use any of these clear-text passwords.

In release 7.0.0, performing a new installation removes all clear-text passwords from the ssl-client.xml and ssl-server.xml files. On upgrade, the clear-text passwords are retained by default, but you can override this default to remove the passwords as well.

Passwords are stored in encrypted format in the Hadoop Credential Provider stores which is already configured in ssl-server.xml. Client applications should add the core-site.xml resource using the Configuration.addResource() Hadoop API to access the trust store credential provider.

Users who upgrade from a previous installation might have written custom applications that use ssl-client.xml and ssl-server.xml that they are unable to change. You can still proceed with the upgrade. Confirm that any custom applications continue to run correctly with encrypted credential files, and remove a clear-text password using the following configure.sh command:
/opt/mapr/server/configure.sh -R -removePasswordsInXML