DelegationTokenSecretManager does not run ExpiredTokenRemover thead when in AuthenticationMethod.SIMPLE mode.
AbstractDelegationTokenSecretManager.startSecretManager starts ExpiredTokenRemover threads
private void startSecretManager() {
if (dtSecretManager != null) {
try {
dtSecretManager.startThreads();
} catch (IOException e) {
// Inability to start secret manager
// can't be recovered from.
throw new RuntimeException(e);
}
}
FSNamesystem.startSecretManagerIfNecessary
private void startSecretManagerIfNecessary() {
boolean shouldRun = shouldUseDelegationTokens() &&
!isInSafeMode() && getEditLog().isOpenForWrite();
boolean running = dtSecretManager.isRunning();
if (shouldRun && !running) {
startSecretManager();
}
}
shouldUseDelegationTokens
private boolean shouldUseDelegationTokens() {
return UserGroupInformation.isSecurityEnabled() ||
alwaysUseDelegationTokensForTests;
}
UserGroupInformation.isSecurityEnabled
UserGroupInformation.isSecurityEnabled returns false when in AuthenticationMethod.SIMPLE mode.
/**
* Determine if UserGroupInformation is using Kerberos to determine
* user identities or is relying on simple authentication
*
* @return true if UGI is working in a secure environment
*/
public static boolean isSecurityEnabled() {
return !isAuthenticationMethodEnabled(AuthenticationMethod.SIMPLE);
}