Thx, guys, I have solved the problem finally, the client library I use is libhdfs3, which have not updated the SASL part, so it will report error in handshake phase. Then I configured and started the secure datanode in privileged port, it worked. By the way, the encryption doesn’t matter with the SASL or kerberos if the dfs.data.transfer.protection is set to authentication.
> On 28 Jun 2018, at 12:16 PM, David Quiroga <quirogadf4w...@gmail.com> wrote: > > Few settings that might be related > > https://issues.apache.org/jira/browse/HDFS-7431 > <https://issues.apache.org/jira/browse/HDFS-7431> > > This may occur when the datanodes run on unprivileged port and > dfs.data.transfer.protection is configured to authentication but > dfs.encrypt.data.transfer is not configured. > > > http://mail-archives.apache.org/mod_mbox/hadoop-user/201604.mbox/%3cd32b25c1.e6fe%25...@exabeam.com%3E > > <http://mail-archives.apache.org/mod_mbox/hadoop-user/201604.mbox/%3cd32b25c1.e6fe%25...@exabeam.com%3E> > dfs.block.access.token.enable to true > > On Tue, Jun 26, 2018 at 6:51 AM, ZongtianHou <zongtian...@icloud.com > <mailto:zongtian...@icloud.com>> wrote: > Hi, everyone: > I have set up kerberos for Hadoop, the namenode can be accessed correctly, > but when I want to write some data in datanode, it give the error info: > Failed to read expected encryption handshake from client at /127.0.0.1:59789 > <http://127.0.0.1:59789/>. Perhaps the client is running an older version of > Hadoop which does not support encryption > > The version I use is 2.6.5 which support encryption as I know, does anyone > have some clue about it? > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: user-unsubscr...@hadoop.apache.org > <mailto:user-unsubscr...@hadoop.apache.org> > For additional commands, e-mail: user-h...@hadoop.apache.org > <mailto:user-h...@hadoop.apache.org> > >
