diff --git a/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java b/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java index d8d4f788ab..33493ba861 100644 --- a/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java +++ b/hbase-common/src/main/java/org/apache/hadoop/hbase/AuthUtil.java @@ -88,7 +88,7 @@ public final class AuthUtil { public static final String HBASE_CLIENT_KEYTAB_FILE = "hbase.client.keytab.file"; /** Client principal */ - public static final String HBASE_CLIENT_KERBEROS_PRINCIPAL = "hbase.client.keytab.principal"; + public static final String HBASE_CLIENT_KERBEROS_PRINCIPAL = "hbase.client.kerberos.principal"; private AuthUtil() { super(); diff --git a/src/main/asciidoc/_chapters/security.adoc b/src/main/asciidoc/_chapters/security.adoc index 107b2fff0e..ee00cac3b7 100644 --- a/src/main/asciidoc/_chapters/security.adoc +++ b/src/main/asciidoc/_chapters/security.adoc @@ -271,14 +271,14 @@ Since 2.2.0, client can specify the following configurations in `hbase-site.xml` - hbase.client.keytab.principal + hbase.client.kerberos.principal foo@EXAMPLE.COM ---- Then application can automatically do the login and credential renewal jobs without client interference. It's optional feature, client, who upgrades to 2.2.0, can still keep their login and credential renewal logic already did in older version, as long as keeping `hbase.client.keytab.file` -and `hbase.client.keytab.principal` are unset. +and `hbase.client.kerberos.principal` are unset. Be advised that if the `hbase.security.authentication` in the client- and server-side site files do not match, the client will not be able to communicate with the cluster.