Security settings dictate whether DistCp should be run on the source cluster or the destination cluster. The general rule-of-thumb is that if one cluster is secure and the other is not secure, DistCp should be run from the secure cluster -- otherwise there may be security- related issues.
When copying data from a secure cluster to an non-secure cluster, the following configuration setting is required for the DistCp client:
<property> <name>ipc.client.fallback-to-simple-auth-allowed</name> <value>true</value> </property>
When copying data from a secure cluster to a secure cluster, the following configuration setting is required in the core-site.xml file:
<property>
<name>hadoop.security.auth_to_local</name>
<value></value>
<description>Maps kerberos principals to local user names</description>
</property> 