[ 
https://issues.apache.org/jira/browse/HDFS-4056?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13487977#comment-13487977
 ] 

Daryn Sharp commented on HDFS-4056:
-----------------------------------

bq. To me, a cluster is configured to run in either token testing mode or 
production mode.

The original goal was to have only one code path so tokens are always used.  
I.e. there is no testing mode.  I've implemented PLAIN as a compromise but there 
is no harm in having the secret manager running if a client using SIMPLE auth 
chooses to use tokens.

bq.  IMO, they make the Client and Server less intelligent in the sense that 
they don't recognize situations they used to recognize. I'm not sure their new 
behavior is desirable. For example, Client will always look for token and try 
to use it if found, even if configuration says otherwise.

I don't understand this objection.  If a token is available, why not use it?  
Under what scenario do you envision a client, for any external auth, requesting 
a token and then not wanting to use it?  If a cluster not using tokens wants to 
talk to a cluster requiring tokens, then doesn't it have to send the token 
regardless of the local config?
                
> Always start the NN's SecretManager
> -----------------------------------
>
>                 Key: HDFS-4056
>                 URL: https://issues.apache.org/jira/browse/HDFS-4056
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: name-node
>    Affects Versions: 0.23.0, 2.0.0-alpha, 3.0.0
>            Reporter: Daryn Sharp
>            Assignee: Daryn Sharp
>         Attachments: HDFS-4056.patch
>
>
> To support the ability to use tokens regardless of whether kerberos is 
> enabled, the NN's secret manager should always be started.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
