[
https://issues.apache.org/jira/browse/HDFS-6666?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chris Nauroth updated HDFS-6666:
--------------------------------
Release Note: NameNode and DataNode now abort during startup if attempting
to run in secure mode, but block access tokens are not enabled by setting
configuration property dfs.block.access.token.enable to true in hdfs-site.xml.
Previously, this case logged a warning, because this would be an insecure
configuration. (was: The patch has the following changes:
* Abort namenode and datanode startup if kerberos is enabled but block tokens
are not enabled.
* Test case that verifies the appropriate exception is thrown when the cluster
is brought up with kerberos enabled and block tokens disabled (using Chris N's
suggestion in the comments))
> Abort NameNode and DataNode startup if security is enabled but block access
> token is not enabled.
> -------------------------------------------------------------------------------------------------
>
> Key: HDFS-6666
> URL: https://issues.apache.org/jira/browse/HDFS-6666
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: datanode, namenode, security
> Affects Versions: 2.7.1
> Reporter: Chris Nauroth
> Assignee: Vijay Bhat
> Priority: Minor
> Fix For: 2.8.0
>
> Attachments: HDFS-6666.001.patch, HDFS-6666.002.patch,
> HDFS-6666.003.patch, HDFS-6666.004.patch, HDFS-6666.005.patch
>
>
> Currently, if security is enabled by setting hadoop.security.authentication
> to kerberos, but HDFS block access tokens are disabled by setting
> dfs.block.access.token.enable to false (which is the default), then the
> NameNode logs an error and proceeds, and the DataNode proceeds without even
> logging an error. This jira proposes that this it's invalid to turn on
> security but not turn on block access tokens, and that it would be better to
> fail fast and abort the daemons during startup if this happens.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
