[
https://issues.apache.org/jira/browse/HDFS-5688?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13853285#comment-13853285
]
Juan Carlos Fernandez commented on HDFS-5688:
---------------------------------------------
[~jingzhao]
In my configuration I'm running JN in host1 host2 and host3 and NN in host1 and
host2. Sharing core-site.xml and hdfs-site.xml. So there are only one
hadoop.rpc.protection (only with authenticate it works). Also add that it works
perfectly with nfs, instead of QJM of course, so it tell us everything is
working perfectly but JNs.
> Wire-encription in QJM
> ----------------------
>
> Key: HDFS-5688
> URL: https://issues.apache.org/jira/browse/HDFS-5688
> Project: Hadoop HDFS
> Issue Type: Bug
> Components: ha, journal-node, security
> Affects Versions: 2.2.0
> Reporter: Juan Carlos Fernandez
> Labels: security
>
> When HA is implemented with QJM and using kerberos, it's not possible to set
> wire-encrypted data.
> If it's set property hadoop.rpc.protection to something different to
> authentication it doesn't work propertly, getting the error:
> ERROR security.UserGroupInformation: PriviledgedActionException
> as:principal@REALM (auth:KERBEROS) cause:javax.security.sasl.SaslException:
> No common protection layer between client and server
> With NFS as shared storage everything works like a charm
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)
