I built my cluster with CDH5.7.5 and enabled kerberos. The kerberos service is provided by freeIPA. “hdfs dfs” or “hadoop dfs” works well with the authentication, unauthorized users cannot access this cluster. However, “hadoop fs” command can still access all directories without any user authentication. I am confused since I believe the “hadoop fs” and “hdfs dfs” should work in the same behavior since they all call FsShell class.
Please demonstrate, with example, what is "working" and what is "not working?"
Listing each step (including kinit) will help us understand what you are facing.
If you cluster has Kerberos Authentication enabled, then in order to access HDFS, you will need to have credentials. A user without valid kerberos credentials cannot access HDFS so there may be a misunderstanding regarding the test results.