[
https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14488282#comment-14488282
]
Chris Nauroth commented on HDFS-6666:
-------------------------------------
Thank you for making the suggested changes in the logging and the test.
I apologize if this was unclear in my last comment, but I actually was
suggesting that we remove NameNode.java completely from this patch. Instead,
the patch could change BlockManager.java. The
{{createBlockTokenSecretManager}} method already has the same logic to check
the configuration. It currently logs an error. We'd just need to change that
to throw an exception instead of logging.
> Abort NameNode and DataNode startup if security is enabled but block access
> token is not enabled.
> -------------------------------------------------------------------------------------------------
>
> Key: HDFS-6666
> URL: https://issues.apache.org/jira/browse/HDFS-6666
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: datanode, namenode, security
> Affects Versions: 3.0.0, 2.5.0
> Reporter: Chris Nauroth
> Assignee: Vijay Bhat
> Priority: Minor
> Attachments: HDFS-6666.001.patch, HDFS-6666.002.patch,
> HDFS-6666.003.patch
>
>
> Currently, if security is enabled by setting hadoop.security.authentication
> to kerberos, but HDFS block access tokens are disabled by setting
> dfs.block.access.token.enable to false (which is the default), then the
> NameNode logs an error and proceeds, and the DataNode proceeds without even
> logging an error. This jira proposes that this it's invalid to turn on
> security but not turn on block access tokens, and that it would be better to
> fail fast and abort the daemons during startup if this happens.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
