[
https://issues.apache.org/jira/browse/HDFS-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13487475#comment-13487475
]
Kan Zhang commented on HDFS-4056:
---------------------------------
bq. "Newer" clients can however request and use tokens, while "older" clients
work the same as before.
I'm not sure why "newer" or "older" clients matter. To me, a cluster is
configured to run in either token testing mode or production mode. There needs
to be a conf flag to tell the cluster which mode it is in. That flag tells a
job whether it needs to use tokens or not. The same flag can tell NN whether it
needs to start its SecretManager (regardless the client is newer or older).
bq. Even with or w/o SASL PLAIN auth, HADOOP-8733 and HADOOP-8784 should not be
reverted. They both implement correct behavior in a more general fashion.
IMO, they make the Client and Server less intelligent in the sense that they
don't recognize situations they used to recognize. I'm not sure their new
behavior is desirable. For example, Client will always look for token and try
to use it if found, even if configuration says otherwise. And the NN's RPC
Server will always initialize SaslRpcServer even if SASL is not configured
(currently on NN, SecretManager object is always instantiated).
> Always start the NN's SecretManager
> -----------------------------------
>
> Key: HDFS-4056
> URL: https://issues.apache.org/jira/browse/HDFS-4056
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: name-node
> Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
> Reporter: Daryn Sharp
> Assignee: Daryn Sharp
> Attachments: HDFS-4056.patch
>
>
> To support the ability to use tokens regardless of whether kerberos is
> enabled, the NN's secret manager should always be started.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
