hadoop-hdfs-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Daryn Sharp (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4056) Always start the NN's SecretManager
Date Wed, 31 Oct 2012 17:19:17 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13487977#comment-13487977

Daryn Sharp commented on HDFS-4056:

bq. To me, a cluster is configured to run in either token testing mode or production mode.

The original goal was to have only one code path so tokens are always used.  Ie. there is
no testing mode.  I've implemented PLAIN as a compromise but there is no harm in having the
secret manager running if a client using SIMPLE auth choses to use tokens.

bq.  IMO, they make the Client and Server less intelligent in the sense that they don't recognize
situations they used to recognize. I'm not sure their new behavior is desirable. For example,
Client will always look for token and try to use it if found, even if configuration says otherwise.

I don't understand this objection.  If a token is available, why not use it?  Under what scenario
do you envision a client, for any external auth, requesting a token and then not wanting to
use it?  If a cluster not using tokens wants to talk to a cluster requiring tokens, then doesn't
it have to send the token regardless of the local config?
> Always start the NN's SecretManager
> -----------------------------------
>                 Key: HDFS-4056
>                 URL: https://issues.apache.org/jira/browse/HDFS-4056
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: name-node
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HDFS-4056.patch
> To support the ability to use tokens regardless of whether kerberos is enabled, the NN's
secret manager should always be started.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message