Credentials (secret keys) can be passed as part of a job via mapreduce.job.credentials.json or mapreduce.job.credentials.binary .
These credentials get submitted during job submission and are made available to the task processes.
In HADOOP 1, these credentials get submitted and routed to task processes even if security was off.
In HADOOP 2, these credentials are transmitted only when security is turned on.
This should be changed in HADOOP 2 for two reasons:
1) It is not backward compatible.
2) Credentials should be passed even if security is turned off.