HBASE-9482 Do not enforce secure Hadoop for secure HBase

git-svn-id: https://svn.apache.org/repos/asf/hbase/trunk@1521731 13f79535-47bb-0310-9956-ffa450edef68
2013-09-11 04:33:09 +00:00 · 2013-09-11 04:33:09 +00:00 · 49fc546051
parent 0bf0e20809
commit 49fc546051
2 changed files with 19 additions and 14 deletions
--- a/hbase-client/src/main/java/org/apache/hadoop/hbase/security/User.java
+++ b/hbase-client/src/main/java/org/apache/hadoop/hbase/security/User.java
@ -201,15 +201,12 @@ public abstract class User {
  }

  /**
-   * Returns whether or not secure authentication is enabled for HBase.  Note that
-   * HBase security requires HDFS security to provide any guarantees, so this requires that
-   * both <code>hbase.security.authentication</code> and <code>hadoop.security.authentication</code>
-   * are set to <code>kerberos</code>.
+   * Returns whether or not secure authentication is enabled for HBase. Note that
+   * HBase security requires HDFS security to provide any guarantees, so it is
+   * recommended that secure HBase should run on secure HDFS.
   */
  public static boolean isHBaseSecurityEnabled(Configuration conf) {
-    return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY)) &&
-        "kerberos".equalsIgnoreCase(
-            conf.get(CommonConfigurationKeys.HADOOP_SECURITY_AUTHENTICATION));
+    return "kerberos".equalsIgnoreCase(conf.get(HBASE_SECURITY_CONF_KEY));
  }

  /* Concrete implementations */
--- a/hbase-common/src/main/resources/hbase-default.xml
+++ b/hbase-common/src/main/resources/hbase-default.xml
@ -1018,13 +1018,21 @@ possible configurations would overwhelm and obscure the important.
  </property>

  <property>
-  	<name>hbase.dynamic.jars.dir</name>
-  	<value>${hbase.rootdir}/lib</value>
-	<description>
-	The directory from which the custom filter/co-processor jars can be loaded
-	dynamically by the region server without the need to restart. However,
-	an already loaded filter/co-processor class would not be un-loaded. See
-	HBASE-1936 for more details.
+    <name>hbase.dynamic.jars.dir</name>
+    <value>${hbase.rootdir}/lib</value>
+    <description>
+      The directory from which the custom filter/co-processor jars can be loaded
+      dynamically by the region server without the need to restart. However,
+      an already loaded filter/co-processor class would not be un-loaded. See
+      HBASE-1936 for more details.
+    </description>
+  </property>
+  <property>
+    <name>hbase.security.authentication</name>
+    <value>simple</value>
+    <description>
+      Controls whether or not secure authentication is enabled for HBase.
+      Possible values are 'simple' (no authentication), and 'kerberos'.
    </description>
  </property>
 </configuration>