b6a7bf571c3bba6b3a874b46fa40459144a5a8dc .../org/apache/hadoop/hbase/security/User.java | 14 +++++++------- hbase-common/src/main/resources/hbase-default.xml | 22 +++++++++++++++------- 2 files changed, 22 insertions(+), 14 deletions(-) diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/User.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/User.java index 611abf8..f07b586 100644 --- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/User.java +++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/User.java @@ -201,15 +201,15 @@ public abstract class User { } /** - * Returns whether or not secure authentication is enabled for HBase. Note that - * HBase security requires HDFS security to provide any guarantees, so this requires that - * both hbase.security.authentication and hadoop.security.authentication - * are set to kerberos. + * Returns whether or not secure authentication is enabled for HBase. Note that + * HBase security requires HDFS security to provide any guarantees, so it is + * recommended that secure HBase should run on secure HDFS. */ public static boolean isHBaseSecurityEnabled(Configuration conf) { - return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) && - "kerberos".equalsIgnoreCase( - conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION)); + String authScheme = conf.get(HBASE_SECURITY_CONF_KEY); + return ! (authScheme == null + || authScheme.length() == 0 + || "simple".equalsIgnoreCase(authScheme)); } /* Concrete implementations */ diff --git a/hbase-common/src/main/resources/hbase-default.xml b/hbase-common/src/main/resources/hbase-default.xml index decf490..cca71f9 100644 --- a/hbase-common/src/main/resources/hbase-default.xml +++ b/hbase-common/src/main/resources/hbase-default.xml @@ -1018,13 +1018,21 @@ possible configurations would overwhelm and obscure the important. - hbase.dynamic.jars.dir - ${hbase.rootdir}/lib - - The directory from which the custom filter/co-processor jars can be loaded - dynamically by the region server without the need to restart. However, - an already loaded filter/co-processor class would not be un-loaded. See - HBASE-1936 for more details. + hbase.dynamic.jars.dir + ${hbase.rootdir}/lib + + The directory from which the custom filter/co-processor jars can be loaded + dynamically by the region server without the need to restart. However, + an already loaded filter/co-processor class would not be un-loaded. See + HBASE-1936 for more details. + + + + hbase.security.authentication + simple + + Controls whether or not secure authentication is enabled for HBase. + Possible values are 'simple' (no authentication), and 'kerberos'.