[
https://issues.apache.org/jira/browse/HDFS-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13477142#comment-13477142
]
Kan Zhang commented on HDFS-4056:
---------------------------------
My comment is less about adding new auth options or combinations of internal
and external auth (which HADOOP-8758 and HADOOP-8779 are about), but more about
keeping existing ones. We've seen many use cases where a Hadoop cluster is
firewalled and all accesses to the cluster are proxy'ed through a few trusted
access points which authenticate users. Within the cluster security is turned
off. These setups don't support true multi-tenancy but may be OK for some
limited use cases. In such cases, why would the user pay the penalty of using
tokens and be subject to any instability caused by the bugs in the token
system? SIMPLE (external) + SIMPLE (internal) is a supported mode currently,
and IMHO, we should continue support it.
> Always start the NN's SecretManager
> -----------------------------------
>
> Key: HDFS-4056
> URL: https://issues.apache.org/jira/browse/HDFS-4056
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: name-node
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Attachments: HDFS-4056.patch
>
>
> To support the ability to use tokens regardless of whether kerberos is
> enabled, the NN's secret manager should always be started.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
