[
https://issues.apache.org/jira/browse/HBASE-7357?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13532930#comment-13532930
]
Gary Helmling commented on HBASE-7357:
--------------------------------------
Committed patch to trunk.
I've verified that the same issue exists in SecureClient / SecureServer in 0.92
and 0.94. The question is if we should apply the same change there? It would
be a slight change in configuration, but in practice you can't run secure HBase
without both hbase.security.authentication and hadoop.security.authentication
set to kerberos.
> HBaseClient and HBaseServer should use hbase.security.authentication when
> negotiating authentication
> ----------------------------------------------------------------------------------------------------
>
> Key: HBASE-7357
> URL: https://issues.apache.org/jira/browse/HBASE-7357
> Project: HBase
> Issue Type: Bug
> Components: security
> Reporter: Gary Helmling
> Assignee: Gary Helmling
> Attachments: HBASE-7357.patch
>
>
> This came up in the context of testing HBASE-6788. Currently HBaseClient and
> HBaseServer call UserGroupInformation.isSecurityEnabled() when determining
> whether or not to use SASL to negotiate connections. This means they are
> using the hadoop.security.authentication configuration value. Since this is
> in the context of HBase RPC connections, it seems more correct to use the
> hbase.security.authentication configuration value by calling
> User.isHBaseSecurityEnabled().
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
