[
https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14389703#comment-14389703
]
Vijay Bhat commented on HDFS-6666:
----------------------------------
[~cnauroth], [~arpitagarwal] I can take this on.
I've made the code changes for the namenode and datanode to abort if they find
an inconsistency between security being enabled and the block access token
disabled.
I've also added a test case in
org.apache.hadoop.hdfs.server.namenode.TestSecureNameNode, however I am having
trouble getting kerberos test cases to execute. The test always seems to get
skipped. I tried running with the kerberos profile
(https://github.com/apache/hadoop/blob/trunk/hadoop-common-project/hadoop-auth/BUILDING.txt)
with the command:
mvn test -PtestKerberos
-Dtest=org.apache.hadoop.hdfs.server.namenode.TestSecureNameNode
All test cases in TestSecureNameNode still get skipped. Any pointers on how I
can get them to run? Appreciate the help!
> Abort NameNode and DataNode startup if security is enabled but block access
> token is not enabled.
> -------------------------------------------------------------------------------------------------
>
> Key: HDFS-6666
> URL: https://issues.apache.org/jira/browse/HDFS-6666
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: datanode, namenode, security
> Affects Versions: 3.0.0, 2.5.0
> Reporter: Chris Nauroth
> Assignee: Vijay Bhat
> Priority: Minor
>
> Currently, if security is enabled by setting hadoop.security.authentication
> to kerberos, but HDFS block access tokens are disabled by setting
> dfs.block.access.token.enable to false (which is the default), then the
> NameNode logs an error and proceeds, and the DataNode proceeds without even
> logging an error. This jira proposes that this it's invalid to turn on
> security but not turn on block access tokens, and that it would be better to
> fail fast and abort the daemons during startup if this happens.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
