Security settings dictate whether DistCp should be run on the source cluster or the destination cluster. The general rule-of-thumb is that if one cluster is secure and the other is not secure, DistCp should be run from the secure cluster -- otherwise there may be security-related issues.
When copying data from a secure cluster to an non-secure cluster, the following configuration setting is required for the DistCp client:
<property> <name>ipc.client.fallback-to-simple-auth-allowed</name> <value>true</value> </property>
When copying data from a secure cluster to a secure cluster, the following configuration setting is required in the core-site.xml
file:
<property> <name>hadoop.security.auth_to_local</name> <value></value> <description>Maps kerberos principals to local user names</description> </property>