hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kan Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4056) Always start the NN's SecretManager
Date Wed, 31 Oct 2012 03:07:14 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13487475#comment-13487475

Kan Zhang commented on HDFS-4056:

bq. "Newer" clients can however request and use tokens, while "older" clients work the same
as before.

I'm not sure why "newer" or "older" clients matter. To me, a cluster is configured to run
in either token testing mode or production mode. There needs to be a conf flag to tell the
cluster which mode it is in. That flag tells a job whether it needs to use tokens or not.
The same flag can tell NN whether it needs to start its SecretManager (regardless the client
is newer or older).

bq. Even with or w/o SASL PLAIN auth, HADOOP-8733 and HADOOP-8784 should not be reverted.
They both implement correct behavior in a more general fashion.

IMO, they make the Client and Server less intelligent in the sense that they don't recognize
situations they used to recognize. I'm not sure their new behavior is desirable. For example,
Client will always look for token and try to use it if found, even if configuration says otherwise.
And the NN's RPC Server will always initialize SaslRpcServer even if SASL is not configured
(currently on NN, SecretManager object is always instantiated).
> Always start the NN's SecretManager
> -----------------------------------
>                 Key: HDFS-4056
>                 URL: https://issues.apache.org/jira/browse/HDFS-4056
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: name-node
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HDFS-4056.patch
> To support the ability to use tokens regardless of whether kerberos is enabled, the NN's
secret manager should always be started.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message