Details
Improvement
Status: Open
Minor
Resolution: Unresolved
None
None
Incompatible change
Description
Was chatting with Artem about this. I think we can do a little bit better for default "security-related" configurations.
We have the hbase.master.ui.readonly configuration property, which removes some options from the web UI that might change the state of the cluster (e.g. region distribution, snapshots). We default this to be false in all cases now.
I suggest that when hbase.security.authentication=kerberos but hbase.security.authentication.ui=null (undefined), we default hbase.master.ui.readonly=true. This would force users to opt in to a scenario that may let an unauthenticated user manipulate the system (instead of opt out).
Artem also mentioned he thinks he could implement this, so assigning to him.
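A configuration audit for the condition described in this issue, added here as an example (not HBase code and not part of the original report). It reads a Hadoop-style `hbase-site.xml`, treats an empty value as undefined, and uses constructed sample files; the function names and result labels are assumptions.

```python
import xml.etree.ElementTree as ET

AUTH = "hbase.security.authentication"
UI_AUTH = "hbase.security.authentication.ui"
READONLY = "hbase.master.ui.readonly"

def load_props(xml_text):
    """Parse <configuration><property><name/><value/></property>... into a dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def kerberos_without_ui_auth(props):
    """True when RPC auth is kerberos but UI auth is undefined (or empty)."""
    return props.get(AUTH, "").lower() == "kerberos" and not props.get(UI_AUTH)

def proposed_readonly(props):
    """Effective read-only flag under the default suggested in this issue."""
    if READONLY in props:                  # an explicit setting always wins
        return props[READONLY].lower() == "true"
    return kerberos_without_ui_auth(props)  # otherwise derive the default

def audit(props):
    """Classify a config against today's default (readonly=false)."""
    if not kerberos_without_ui_auth(props):
        return "not-applicable"
    if READONLY not in props:
        return "writable-by-default"       # nobody chose this; the default did
    if props[READONLY].lower() == "true":
        return "read-only"
    return "writable-by-opt-in"            # operator explicitly set false

def _site(**kv):
    """Build a constructed hbase-site.xml from keyword pairs (sample input)."""
    body = "".join(f"<property><name>{k.replace('_', '.')}</name>"
                   f"<value>{v}</value></property>" for k, v in kv.items())
    return f"<configuration>{body}</configuration>"

# Constructed samples, not taken from any real cluster.
SAMPLE_DEFAULT = _site(hbase_security_authentication="kerberos")
SAMPLE_OPT_IN = _site(hbase_security_authentication="kerberos",
                      hbase_master_ui_readonly="false")
SAMPLE_UI_AUTH = _site(hbase_security_authentication="kerberos",
                       hbase_security_authentication_ui="kerberos")

if __name__ == "__main__":
    for label, xml in [("default", SAMPLE_DEFAULT), ("opt-in", SAMPLE_OPT_IN),
                       ("ui-auth", SAMPLE_UI_AUTH)]:
        p = load_props(xml)
        print(label, audit(p), "proposed readonly =", proposed_readonly(p))
```

A `writable-by-default` result marks the clusters whose behaviour would change under the suggested default; `writable-by-opt-in` clusters would keep their current behaviour.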