SASL authenticates the DN on Hadoop 2.6+, but it requires the clients to be using the 2.6+ JARs; you can't use it on the 2.2-2.5 artifacts.
> On 9 Sep 2015, at 18:45, Allen Wittenauer <a...@altiscale.com> wrote: > > > FWIW, I still use and prefer jsvc, esp with the sudo trick in place. > > On Sep 9, 2015, at 9:35 AM, Chris Nauroth <cnaur...@hortonworks.com> wrote: > >> AFAIK, the majority of existing deployments still use jsvc to run a >> secured DataNode. It would be a backwards-incompatible change to remove >> support for this deployment model. For that reason, I would be -1 for >> removing jsvc support, at least in the 2.x line. >> >> >> It's something that could be considered for 3.x if we think the clean-up >> benefit outweighs the incompatibility cost. Before we do that, I'd prefer >> to hear if end users are having success with the SASL deployment model. >> Brahma, are you asking because you run clusters with the SASL approach? >> If so, has it been working well? >> >> --Chris Nauroth >> >> >> >> >> On 9/9/15, 9:25 AM, "Haohui Mai" <whe...@apache.org> wrote: >> >>> JSVC is no longer required. It causes a lot of headaches in >>> deployments. It's definitely a good target for clean ups. >>> >>> ~Haohui >>> >>> On Wed, Sep 9, 2015 at 5:24 AM, Brahma Reddy Battula >>> <brahmareddy.batt...@huawei.com> wrote: >>>> Hi All, >>>> >>>> AFAIK JSVC added secure the block tokens(..?). >>>> >>>> Since block tokens are secure now (SASL used to secure the >>>> DataTransferProtocol, which transfers file block content between HDFS >>>> clients and DataNodes),then can we remove jsvc now (script files)..? >>>> >>>> >>>> >>>> Thanks & Regards >>>> >>>> Brahma Reddy Battula >>>> >>>> >>>> >>> >> > >
