Datanode#checkSecureConfig currently check the following to determine if secure datanode is enabled.
- The server has bound to privileged ports for RPC and HTTP via SecureDataNodeStarter.
- The configuration enables SASL on DataTransferProtocol and HTTPS (no plain HTTP) for the HTTP server.
Authentication of Datanode RPC server can be done either via SASL handshake or JSVC/privilege RPC port.
This guarantees authentication of the datanode RPC server before a client transmits a secret, such as a block access token.
Authentication of the HTTP server can also be done either via HTTPS/SSL or JSVC/privilege HTTP port. This guarantees authentication of datandoe HTTP server before a client transmits a secret, such as a delegation token.