[
https://issues.apache.org/jira/browse/HDFS-3873?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Daryn Sharp updated HDFS-3873:
------------------------------
Attachment: HDFS-3873.patch
Only considers a connection refused exception as "security disabled" since an
insecure cluster does not listen on the secure port. Note this prevents jobs
from launching w/o tokens.
I spent the better part of the day debugging why an oozie launcher task was
trying to get a hftp token. Turns out AES was specified in krb5.conf which
caused a SSL exception that was silently swallowed during job submission. The
job launched and the tasks failed with user not authenticated messages from the
NN. This patch evolved from the debugging effort.
> Hftp assumes security is disabled if token fetch fails
> ------------------------------------------------------
>
> Key: HDFS-3873
> URL: https://issues.apache.org/jira/browse/HDFS-3873
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: hdfs client
> Affects Versions: 0.23.3, 3.0.0, 2.2.0-alpha
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Attachments: HDFS-3873.patch
>
>
> Hftp ignores all exceptions generated while trying to get a token, based on
> the assumption that it means security is disabled. Debugging problems is
> excruciatingly difficult when security is enabled but something goes wrong.
> Job submissions succeed, but tasks fail because the NN rejects the user as
> unauthenticated.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
