5c8ba8be29679941f7f53b2b302cfc6fc563b969
.../org/apache/hadoop/hbase/security/User.java | 11 ++++-------
hbase-common/src/main/resources/hbase-default.xml | 22 +++++++++++++++-------
2 files changed, 19 insertions(+), 14 deletions(-)
diff --git a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/User.java b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/User.java
index 611abf8..4e3d3a0 100644
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/User.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/User.java
@@ -201,15 +201,12 @@ public abstract class User {
}
/**
- * Returns whether or not secure authentication is enabled for HBase. Note that
- * HBase security requires HDFS security to provide any guarantees, so this requires that
- * both hbase.security.authentication and hadoop.security.authentication
- * are set to kerberos.
+ * Returns whether or not secure authentication is enabled for HBase. Note that
+ * HBase security requires HDFS security to provide any guarantees, so it is
+ * recommended that secure HBase should run on secure HDFS.
*/
public static boolean isHBaseSecurityEnabled(Configuration conf) {
- return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) &&
- "kerberos".equalsIgnoreCase(
- conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION));
+ return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY));
}
/* Concrete implementations */
diff --git a/hbase-common/src/main/resources/hbase-default.xml b/hbase-common/src/main/resources/hbase-default.xml
index decf490..cca71f9 100644
--- a/hbase-common/src/main/resources/hbase-default.xml
+++ b/hbase-common/src/main/resources/hbase-default.xml
@@ -1018,13 +1018,21 @@ possible configurations would overwhelm and obscure the important.
- hbase.dynamic.jars.dir
- ${hbase.rootdir}/lib
-
- The directory from which the custom filter/co-processor jars can be loaded
- dynamically by the region server without the need to restart. However,
- an already loaded filter/co-processor class would not be un-loaded. See
- HBASE-1936 for more details.
+ hbase.dynamic.jars.dir
+ ${hbase.rootdir}/lib
+
+ The directory from which the custom filter/co-processor jars can be loaded
+ dynamically by the region server without the need to restart. However,
+ an already loaded filter/co-processor class would not be un-loaded. See
+ HBASE-1936 for more details.
+
+
+
+ hbase.security.authentication
+ simple
+
+ Controls whether or not secure authentication is enabled for HBase.
+ Possible values are 'simple' (no authentication), and 'kerberos'.