a9eda86a169b4025936aa493d9325e14d53ced29 src/main/java/org/apache/hadoop/hbase/security/User.java | 14 +++++++------- src/main/resources/hbase-default.xml | 8 ++++++++ 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/src/main/java/org/apache/hadoop/hbase/security/User.java b/src/main/java/org/apache/hadoop/hbase/security/User.java index 298e3ab..b3773ef 100644 --- a/src/main/java/org/apache/hadoop/hbase/security/User.java +++ b/src/main/java/org/apache/hadoop/hbase/security/User.java @@ -234,15 +234,15 @@ public abstract class User { } /** - * Returns whether or not secure authentication is enabled for HBase. Note that - * HBase security requires HDFS security to provide any guarantees, so this requires that - * both hbase.security.authentication and hadoop.security.authentication - * are set to kerberos. + * Returns whether or not secure authentication is enabled for HBase. Note that + * HBase security requires HDFS security to provide any guarantees, so it is + * recommended that secure HBase should run on secure HDFS. */ public static boolean isHBaseSecurityEnabled(Configuration conf) { - return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) && - "kerberos".equalsIgnoreCase( - conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION)); + String authScheme = conf.get(HBASE_SECURITY_CONF_KEY); + return ! (authScheme == null + || authScheme.length() == 0 + || "simple".equalsIgnoreCase(authScheme)); } /* Concrete implementations */ diff --git a/src/main/resources/hbase-default.xml b/src/main/resources/hbase-default.xml index e5b7764..a4bf666 100644 --- a/src/main/resources/hbase-default.xml +++ b/src/main/resources/hbase-default.xml @@ -964,4 +964,12 @@ is 2. + + hbase.security.authentication + simple + + Controls whether or not secure authentication is enabled for HBase. + Possible values are 'simple' (no authentication), and 'kerberos'. + +