142b7ec988dfa37bd6470f2b6ebb6a356bb27364 .../org/apache/hadoop/hbase/security/User.java | 11 ++++------- src/main/resources/hbase-default.xml | 22 +++++++++++++++------- 2 files changed, 19 insertions(+), 14 deletions(-) diff --git a/src/main/java/org/apache/hadoop/hbase/security/User.java b/src/main/java/org/apache/hadoop/hbase/security/User.java index 298e3ab..dccba23 100644 --- a/src/main/java/org/apache/hadoop/hbase/security/User.java +++ b/src/main/java/org/apache/hadoop/hbase/security/User.java @@ -234,15 +234,12 @@ public abstract class User { } /** - * Returns whether or not secure authentication is enabled for HBase. Note that - * HBase security requires HDFS security to provide any guarantees, so this requires that - * both hbase.security.authentication and hadoop.security.authentication - * are set to kerberos. + * Returns whether or not secure authentication is enabled for HBase. Note that + * HBase security requires HDFS security to provide any guarantees, so it is + * recommended that secure HBase should run on secure HDFS. */ public static boolean isHBaseSecurityEnabled(Configuration conf) { - return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) && - "kerberos".equalsIgnoreCase( - conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION)); + return ! ("simple".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY))); } /* Concrete implementations */ diff --git a/src/main/resources/hbase-default.xml b/src/main/resources/hbase-default.xml index 28f346d..59abb5c 100644 --- a/src/main/resources/hbase-default.xml +++ b/src/main/resources/hbase-default.xml @@ -993,13 +993,21 @@ - hbase.dynamic.jars.dir - ${hbase.rootdir}/.lib - - The directory from which the custom filter/co-processor jars can be loaded - dynamically by the region server without the need to restart. However, - an already loaded filter/co-processor class would not be un-loaded. See - HBASE-1936 for more details. + hbase.dynamic.jars.dir + ${hbase.rootdir}/.lib + + The directory from which the custom filter/co-processor jars can be loaded + dynamically by the region server without the need to restart. However, + an already loaded filter/co-processor class would not be un-loaded. See + HBASE-1936 for more details. + + + + hbase.security.authentication + simple + + Controls whether or not secure authentication is enabled for HBase. + Possible values are 'simple' (no authentication), and 'kerberos'.