[
https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14481610#comment-14481610
]
Arpit Agarwal commented on HDFS-6666:
-------------------------------------
Hi Vijay, the code change looks fine. You don't need the {{&&
UserGroupInformation.isSecurityEnabled()}} clause in
{{DataNode#checkSecureConfig}}. Also suggest rewording _when clients attempt to
talk to a DataNode_ to _when clients attempt to connect to DataNodes_.
The behavior of {{TestSecureNameNode#testName}} has changed. We used to login
as user1 using keytab, now the test runs as the currently logged in user.
> Abort NameNode and DataNode startup if security is enabled but block access
> token is not enabled.
> -------------------------------------------------------------------------------------------------
>
> Key: HDFS-6666
> URL: https://issues.apache.org/jira/browse/HDFS-6666
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: datanode, namenode, security
> Affects Versions: 3.0.0, 2.5.0
> Reporter: Chris Nauroth
> Assignee: Vijay Bhat
> Priority: Minor
> Attachments: HDFS-6666.001.patch
>
>
> Currently, if security is enabled by setting hadoop.security.authentication
> to kerberos, but HDFS block access tokens are disabled by setting
> dfs.block.access.token.enable to false (which is the default), then the
> NameNode logs an error and proceeds, and the DataNode proceeds without even
> logging an error. This jira proposes that this it's invalid to turn on
> security but not turn on block access tokens, and that it would be better to
> fail fast and abort the daemons during startup if this happens.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
