142b7ec988dfa37bd6470f2b6ebb6a356bb27364
.../org/apache/hadoop/hbase/security/User.java | 11 ++++-------
src/main/resources/hbase-default.xml | 22 +++++++++++++++-------
2 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/src/main/java/org/apache/hadoop/hbase/security/User.java b/src/main/java/org/apache/hadoop/hbase/security/User.java
index 298e3ab..dccba23 100644
--- a/src/main/java/org/apache/hadoop/hbase/security/User.java
+++ b/src/main/java/org/apache/hadoop/hbase/security/User.java
@@ -234,15 +234,12 @@ public abstract class User {
}
/**
- * Returns whether or not secure authentication is enabled for HBase. Note that
- * HBase security requires HDFS security to provide any guarantees, so this requires that
- * both hbase.security.authentication and hadoop.security.authentication
- * are set to kerberos.
+ * Returns whether or not secure authentication is enabled for HBase. Note that
+ * HBase security requires HDFS security to provide any guarantees, so it is
+ * recommended that secure HBase should run on secure HDFS.
*/
public static boolean isHBaseSecurityEnabled(Configuration conf) {
- return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) &&
- "kerberos".equalsIgnoreCase(
- conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION));
+ return ! ("simple".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)));
}
/* Concrete implementations */
diff --git a/src/main/resources/hbase-default.xml b/src/main/resources/hbase-default.xml
index 28f346d..59abb5c 100644
--- a/src/main/resources/hbase-default.xml
+++ b/src/main/resources/hbase-default.xml
@@ -993,13 +993,21 @@
- hbase.dynamic.jars.dir
- ${hbase.rootdir}/.lib
-
- The directory from which the custom filter/co-processor jars can be loaded
- dynamically by the region server without the need to restart. However,
- an already loaded filter/co-processor class would not be un-loaded. See
- HBASE-1936 for more details.
+ hbase.dynamic.jars.dir
+ ${hbase.rootdir}/.lib
+
+ The directory from which the custom filter/co-processor jars can be loaded
+ dynamically by the region server without the need to restart. However,
+ an already loaded filter/co-processor class would not be un-loaded. See
+ HBASE-1936 for more details.
+
+
+
+ hbase.security.authentication
+ simple
+
+ Controls whether or not secure authentication is enabled for HBase.
+ Possible values are 'simple' (no authentication), and 'kerberos'.