Details
-
Bug
-
Status: Open
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
Description
In Webhdfs, before router redirects the OPEN call to datanode, it will attach the namenoderpcaddress param. When Datanode WebHdfsHandler takes the call, it will construct a DFSClient based on the ip address, which is pointing to Router.
This is OK when Router and Datanode are both secure or nonsecure. However when DN is not but Router is secure, there will be
org.apache.hadoop.security.AccessControlException: SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]]
Comments are welcome in terms of how to fix this.
One way is to always make Datanode construct the DFSClient based on the default FS since the default FS is always the Namenode in the same cluster which should is with the same security setting as Datanode.