Security problem

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Security problem

ZongtianHou
Hi, everyone:
I have set up kerberos for Hadoop, the namenode can be accessed correctly, but when I want to write some data in datanode, it give the error info:
Failed to read expected encryption handshake from client at /127.0.0.1:59789. Perhaps the client is running an older version of Hadoop which does not support encryption

The version I use is 2.6.5 which support encryption as I know, does anyone have some clue about it?

 
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Security problem

ZongtianHou
Thx, guys, I have solved the problem finally, the client library I use is libhdfs3, which have not updated the SASL part, so it will report error in handshake phase. Then I configured and started the secure datanode in privileged port, it  worked. By the way, the encryption doesn’t matter with the SASL or kerberos if the dfs.data.transfer.protection is set to authentication.

On 28 Jun 2018, at 12:16 PM, David Quiroga <[hidden email]> wrote:

Few settings that might be related 

https://issues.apache.org/jira/browse/HDFS-7431

This may occur when the datanodes run on unprivileged port and dfs.data.transfer.protection is configured to authentication but dfs.encrypt.data.transfer is not configured. 


dfs.block.access.token.enable to true

On Tue, Jun 26, 2018 at 6:51 AM, ZongtianHou <[hidden email]> wrote:
Hi, everyone:
I have set up kerberos for Hadoop, the namenode can be accessed correctly, but when I want to write some data in datanode, it give the error info:
Failed to read expected encryption handshake from client at /127.0.0.1:59789. Perhaps the client is running an older version of Hadoop which does not support encryption

The version I use is 2.6.5 which support encryption as I know, does anyone have some clue about it?


---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]