hadoop-hdfs-issues mailing list archives

From "Arpit Agarwal (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (HDFS-6666) Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.
Date Mon, 06 Apr 2015 18:55:13 GMT

    [ https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14481610#comment-14481610 ]

Arpit Agarwal edited comment on HDFS-6666 at 4/6/15 6:54 PM:
-------------------------------------------------------------

Hi Vijay, the code change looks fine. You don't need the {{&& UserGroupInformation.isSecurityEnabled()}}
clause in {{DataNode#checkSecureConfig}}. Also suggest rewording _when clients attempt to
talk to a DataNode_ to _when clients attempt to connect to DataNodes_.

The behavior of {{TestSecureNameNode#testName}} has changed. We used to login as user1 using
keytab, now the test runs as the currently logged in user. Was this intentional?


was (Author: arpitagarwal):
Hi Vijay, the code change looks fine. You don't need the {{&& UserGroupInformation.isSecurityEnabled()}}
clause in {{DataNode#checkSecureConfig}}. Also suggest rewording _when clients attempt to
talk to a DataNode_ to _when clients attempt to connect to DataNodes_.

The behavior of {{TestSecureNameNode#testName}} has changed. We used to login as user1 using
keytab, now the test runs as the currently logged in user.

> Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.
> -------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-6666
>                 URL: https://issues.apache.org/jira/browse/HDFS-6666
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode, security
>    Affects Versions: 3.0.0, 2.5.0
>            Reporter: Chris Nauroth
>            Assignee: Vijay Bhat
>            Priority: Minor
>         Attachments: HDFS-6666.001.patch
>
>
> Currently, if security is enabled by setting hadoop.security.authentication to kerberos, but HDFS block access tokens are disabled by setting dfs.block.access.token.enable to false (which is the default), then the NameNode logs an error and proceeds, and the DataNode proceeds without even logging an error. This jira proposes that it's invalid to turn on security but not turn on block access tokens, and that it would be better to fail fast and abort the daemons during startup if this happens.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
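
The fail-fast rule proposed in the issue description, sketched as an added Python pre-flight check over site XML text; it is an illustration, not the HDFS-6666 patch or Hadoop's own code. The function names, the exception class and the sample XML are constructed for this example, and the case-insensitive value comparison is an assumption.

```python
import xml.etree.ElementTree as ET

# "simple" is Hadoop's default auth; the issue states the token default is false.
DEFAULTS = {
    "hadoop.security.authentication": "simple",
    "dfs.block.access.token.enable": "false",
}


class InsecureConfigError(Exception):
    """Raised when Kerberos is on but block access tokens are off."""


def load_site_xml(xml_text):
    """Parse one Hadoop *-site.xml document into a {name: value} dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props


def effective_config(*site_xml_texts):
    """Merge defaults with site files; later files override earlier ones."""
    merged = dict(DEFAULTS)
    for text in site_xml_texts:
        merged.update(load_site_xml(text))
    return merged


def check_secure_config(conf):
    """Abort on the combination described in HDFS-6666; return True if secure."""
    # Assumption: values are compared case-insensitively.
    kerberos = conf["hadoop.security.authentication"].lower() == "kerberos"
    tokens = conf["dfs.block.access.token.enable"].lower() == "true"
    if kerberos and not tokens:
        raise InsecureConfigError(
            "hadoop.security.authentication=kerberos requires "
            "dfs.block.access.token.enable=true")
    return kerberos


# Constructed sample inputs (not taken from any real cluster).
CORE_SITE = """<configuration><property>
  <name>hadoop.security.authentication</name><value>kerberos</value>
</property></configuration>"""
HDFS_SITE_OK = """<configuration><property>
  <name>dfs.block.access.token.enable</name><value>true</value>
</property></configuration>"""
```

Calling `check_secure_config(effective_config(CORE_SITE))` raises, because the token setting falls back to its default of false.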
