Thanks Masahiro Tanaka for providing the patch. The change in the document (index.md.vm) looks good to me, but the change in the setting (kms-site.xml) is not good. The setting in kms-site.xml is used as default value, so changing the setting is incompatible. Would you update the default value (kerberos) to "none" instead of "sasl"? Updating "kerberos" to "none" does not change the behavior, so this change is safe.
The Zookeeper authentication type, 'none' or 'sasl' (Kerberos).
In addition, I'm thinking we can improve the description to "The ZooKeeper authentication type. Supported values are 'none' (default) and 'sasl' (Kerberos)."