[
https://issues.apache.org/jira/browse/HDFS-7580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14263689#comment-14263689
]
Yi Liu commented on HDFS-7580:
------------------------------
Hi [~qwertymaniac], the RPC is authenticated per connection, so for each socket
connection, the authentication happens once. It's not all requests to be
carried out with a kerberos authentication since the connection is used for
requests. So this should be not an issue.
For delegation token, it's indeed faster, but usually used in different
scenarios. For example the existing HDFS delegation token, there are several
reasons, some of them are:
*1.* It's used in MR jobs to access user's files/directories on HDFS.
*2.* Fast: it's a two-party authentication protocol only involving Client and
server.
> NN -> JN communication should use reusable authentication methods
> -----------------------------------------------------------------
>
> Key: HDFS-7580
> URL: https://issues.apache.org/jira/browse/HDFS-7580
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: journal-node, namenode
> Affects Versions: 2.5.0
> Reporter: Harsh J
>
> It appears that NNs talk to JNs via general SaslRPC in secure mode, causing
> all requests to be carried out with a kerberos authentication. This can cause
> delays and occasionally NN failures if the KDC used does not respond in its
> default timeout period (30s, whereas the QJM writes come with default of 20s).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
