Major In hbase-20586 (https://issues.apache.org/jira/browse/HBASE-20586)
(commit_sha: https://github.com/apache/hbase/commit/cd61bcc0 )
The code added (SyncTable.java) for the use of hbase.security.authentication is case-sensitive. So users setting it to “KERBEROS” won’t take effect.
private void initCredentialsForHBase(String zookeeper, Job job) throws IOException { Configuration peerConf = HBaseConfiguration.createClusterConf(job.getConfiguration(), zookeeper); if(peerConf.get("hbase.security.authentication").equals("kerberos")){ TableMapReduceUtil.initCredentialsForCluster(job, peerConf); } }
However, in current code base, other uses of hbase.security.authentication are all case-insensitive. For example in MasterFileSystem.java.
public MasterFileSystem(Configuration conf) throws IOException{ ... this.isSecurityEnabled = "kerberos".equalsIgnoreCase(conf.get("hbase.security.authentication")); ... }
The doc in GitHub repo is also misleading (Giving upper-case value).
As a distributed database, HBase must be able to authenticate users and HBase services across an untrusted network. Clients and HBase services are treated equivalently in terms of authentication (and this is the only time we will draw such a distinction).
There are currently three modes of authentication which are supported by HBase today via the configuration property hbase.security.authentication
1.SIMPLE
2.KERBROS
3.TOKEN
Users may misconfigure the parameter because of the case-senstive problem.
How To Fix
Using eqaulsIgnoreCase API consistently in every place when using hbase.security.authentication or make it clear in Doc.
- links to