[
https://issues.apache.org/jira/browse/HDFS-9525?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15060622#comment-15060622
]
Daryn Sharp commented on HDFS-9525:
-----------------------------------
bq. If we want to distcp from non-kerberos cluster to kerberos cluster, WebHDFS
does not use the delegationToken even ugi has the webHDFS's token.
I thought the issue at hand is how to access 2 kerberos clusters? If the other
cluster is insecure, then just set
ipc.client.fallback-to-simple-auth-allowed=true. Even though the key has ipc
in it, it still applies to webhdfs too.
bq. It supports to use token for WebHDFS on non-kerberos cluster.
This is the part that completely confuses me. If it's an insecure cluster,
tokens aren't issued. Did you (finish what I started long ago) and issue
tokens even with security off? If no, then what issued the token you are
attempting to use on the insecure cluster?
> hadoop utilities need to support provided delegation tokens
> -----------------------------------------------------------
>
> Key: HDFS-9525
> URL: https://issues.apache.org/jira/browse/HDFS-9525
> Project: Hadoop HDFS
> Issue Type: New Feature
> Components: security
> Affects Versions: 3.0.0
> Reporter: Allen Wittenauer
> Assignee: HeeSoo Kim
> Priority: Blocker
> Fix For: 3.0.0
>
> Attachments: HDFS-7984.001.patch, HDFS-7984.002.patch,
> HDFS-7984.003.patch, HDFS-7984.004.patch, HDFS-7984.005.patch,
> HDFS-7984.006.patch, HDFS-7984.007.patch, HDFS-7984.patch, HDFS-9525.008.patch
>
>
> When using the webhdfs:// filesystem (especially from distcp), we need the
> ability to inject a delegation token rather than webhdfs initialize its own.
> This would allow for cross-authentication-zone file system accesses.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
