[
https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Vijay Bhat updated HDFS-6666:
-----------------------------
Target Version/s: 2.6.0, 3.0.0 (was: 3.0.0, 2.6.0)
Release Note:
The patch has the following changes:
* Abort namenode and datanode startup if kerberos is enabled but block tokens
are not enabled.
* Test case that verifies the appropriate exception is thrown when the cluster
is brought up with kerberos enabled and block tokens disabled (using Chris N's
suggestion in the comments)
Status: Patch Available (was: Open)
> Abort NameNode and DataNode startup if security is enabled but block access
> token is not enabled.
> -------------------------------------------------------------------------------------------------
>
> Key: HDFS-6666
> URL: https://issues.apache.org/jira/browse/HDFS-6666
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: datanode, namenode, security
> Affects Versions: 2.5.0, 3.0.0
> Reporter: Chris Nauroth
> Assignee: Vijay Bhat
> Priority: Minor
>
> Currently, if security is enabled by setting hadoop.security.authentication
> to kerberos, but HDFS block access tokens are disabled by setting
> dfs.block.access.token.enable to false (which is the default), then the
> NameNode logs an error and proceeds, and the DataNode proceeds without even
> logging an error. This jira proposes that this it's invalid to turn on
> security but not turn on block access tokens, and that it would be better to
> fail fast and abort the daemons during startup if this happens.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
