a9eda86a169b4025936aa493d9325e14d53ced29
src/main/java/org/apache/hadoop/hbase/security/User.java | 14 +++++++-------
src/main/resources/hbase-default.xml | 8 ++++++++
2 files changed, 15 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/apache/hadoop/hbase/security/User.java b/src/main/java/org/apache/hadoop/hbase/security/User.java
index 298e3ab..b3773ef 100644
--- a/src/main/java/org/apache/hadoop/hbase/security/User.java
+++ b/src/main/java/org/apache/hadoop/hbase/security/User.java
@@ -234,15 +234,15 @@ public abstract class User {
}
/**
- * Returns whether or not secure authentication is enabled for HBase. Note that
- * HBase security requires HDFS security to provide any guarantees, so this requires that
- * both hbase.security.authentication and hadoop.security.authentication
- * are set to kerberos.
+ * Returns whether or not secure authentication is enabled for HBase. Note that
+ * HBase security requires HDFS security to provide any guarantees, so it is
+ * recommended that secure HBase should run on secure HDFS.
*/
public static boolean isHBaseSecurityEnabled(Configuration conf) {
- return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) &&
- "kerberos".equalsIgnoreCase(
- conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION));
+ String authScheme = conf.get(HBASE_SECURITY_CONF_KEY);
+ return ! (authScheme == null
+ || authScheme.length() == 0
+ || "simple".equalsIgnoreCase(authScheme));
}
/* Concrete implementations */
diff --git a/src/main/resources/hbase-default.xml b/src/main/resources/hbase-default.xml
index e5b7764..a4bf666 100644
--- a/src/main/resources/hbase-default.xml
+++ b/src/main/resources/hbase-default.xml
@@ -964,4 +964,12 @@
is 2.
+
+ hbase.security.authentication
+ simple
+
+ Controls whether or not secure authentication is enabled for HBase.
+ Possible values are 'simple' (no authentication), and 'kerberos'.
+
+