Removing Clear-Text Passwords After Upgrade
Upon upgrade to release 7.0.0 or later, any clear-text passwords that existed in
ssl-client.xml
and ssl-server.xml
in a pre-7.0.0 release are
preserved by default. Remove these passwords by using a configure.sh
command
option.
Preserving the clear-text passwords during an upgrade maintains backward compatibility for any existing custom applications that rely on the passwords. However, data-fabric core components do not use any of these clear-text passwords.
In release 7.0.0, performing a new installation removes all clear-text passwords from the
ssl-client.xml
and ssl-server.xml
files. On upgrade, the
clear-text passwords are retained by default, but you can override this default to remove the
passwords as well.
Passwords are stored in encrypted format in the Hadoop Credential Provider stores which is
already configured in ssl-server.xml
. Client applications should add the
core-site.xml
resource using the Configuration.addResource()
Hadoop
API to access the trust store credential provider.
ssl-client.xml
and ssl-server.xml
that they are unable
to change. You can still proceed with the upgrade. Confirm that any custom applications
continue to run correctly with encrypted credential files, and remove a clear-text password
using the following configure.sh
command:/opt/mapr/server/configure.sh -R -removePasswordsInXML