Return-Path: 
 <hdfs-issues-return-116415-apmail-hadoop-hdfs-issues-archive=hadoop.apache.org@hadoop.apache.org>
X-Original-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org
Delivered-To: apmail-hadoop-hdfs-issues-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 185FD17899
	for <apmail-hadoop-hdfs-issues-archive@minotaur.apache.org>;
 Thu,  9 Apr 2015 00:21:13 +0000 (UTC)
Received: (qmail 56462 invoked by uid 500); 9 Apr 2015 00:21:12 -0000
Delivered-To: apmail-hadoop-hdfs-issues-archive@hadoop.apache.org
Received: (qmail 56409 invoked by uid 500); 9 Apr 2015 00:21:12 -0000
Mailing-List: contact hdfs-issues-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:hdfs-issues-help@hadoop.apache.org>
List-Unsubscribe: <mailto:hdfs-issues-unsubscribe@hadoop.apache.org>
List-Post: <mailto:hdfs-issues@hadoop.apache.org>
List-Id: <hdfs-issues.hadoop.apache.org>
Reply-To: hdfs-issues@hadoop.apache.org
Delivered-To: mailing list hdfs-issues@hadoop.apache.org
Received: (qmail 56268 invoked by uid 99); 9 Apr 2015 00:21:12 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 09 Apr 2015 00:21:12 +0000
Date: Thu, 9 Apr 2015 00:21:12 +0000 (UTC)
From: "Vijay Bhat (JIRA)" <jira@apache.org>
To: hdfs-issues@hadoop.apache.org
Message-ID: <JIRA.12726709.1405034478000.34013.1428538872706@Atlassian.JIRA>
In-Reply-To: <JIRA.12726709.1405034478000@Atlassian.JIRA>
References: <JIRA.12726709.1405034478000@Atlassian.JIRA>
 <JIRA.12726709.1405034478389@arcas>
Subject: [jira] [Commented] (HDFS-6666) Abort NameNode and DataNode startup
 if security is enabled but block access token is not enabled.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


    [ https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14486404#comment-14486404 ] 

Vijay Bhat commented on HDFS-6666:
----------------------------------

Thanks for the feedback [~cnauroth]. I've made the changes you recommend and resubmitted the patch.

> Abort NameNode and DataNode startup if security is enabled but block access token is not enabled.
> -------------------------------------------------------------------------------------------------
>
>                 Key: HDFS-6666
>                 URL: https://issues.apache.org/jira/browse/HDFS-6666
>             Project: Hadoop HDFS
>          Issue Type: Bug
>          Components: datanode, namenode, security
>    Affects Versions: 3.0.0, 2.5.0
>            Reporter: Chris Nauroth
>            Assignee: Vijay Bhat
>            Priority: Minor
>         Attachments: HDFS-6666.001.patch, HDFS-6666.002.patch, HDFS-6666.003.patch
>
>
> Currently, if security is enabled by setting hadoop.security.authentication to kerberos, but HDFS block access tokens are disabled by setting dfs.block.access.token.enable to false (which is the default), then the NameNode logs an error and proceeds, and the DataNode proceeds without even logging an error.  This jira proposes that this it's invalid to turn on security but not turn on block access tokens, and that it would be better to fail fast and abort the daemons during startup if this happens.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)