001/*
002 * Licensed to the Apache Software Foundation (ASF) under one
003 * or more contributor license agreements.  See the NOTICE file
004 * distributed with this work for additional information
005 * regarding copyright ownership.  The ASF licenses this file
006 * to you under the Apache License, Version 2.0 (the
007 * "License"); you may not use this file except in compliance
008 * with the License.  You may obtain a copy of the License at
009 *
010 *     http://www.apache.org/licenses/LICENSE-2.0
011 *
012 * Unless required by applicable law or agreed to in writing, software
013 * distributed under the License is distributed on an "AS IS" BASIS,
014 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
015 * See the License for the specific language governing permissions and
016 * limitations under the License.
017 */
018package org.apache.hadoop.hbase.security;
019
020import org.apache.hadoop.hbase.HBaseInterfaceAudience;
021import org.apache.yetus.audience.InterfaceAudience;
022
023/**
024 * SecurityConstants holds a bunch of kerberos-related constants
025 */
026@InterfaceAudience.Private
027public final class SecurityConstants {
028
029  /**
030   * Configuration keys for programmatic JAAS configuration for secured master and regionserver
031   * interaction
032   */
033  public static final String MASTER_KRB_PRINCIPAL = "hbase.master.kerberos.principal";
034  public static final String MASTER_KRB_KEYTAB_FILE = "hbase.master.keytab.file";
035  public static final String REGIONSERVER_KRB_PRINCIPAL = "hbase.regionserver.kerberos.principal";
036  public static final String REGIONSERVER_KRB_KEYTAB_FILE = "hbase.regionserver.keytab.file";
037
038  /**
039   * This config is for experts: don't set its value unless you really know what you are doing. When
040   * set to true, HBase client using SASL Kerberos will skip reverse DNS lookup and use provided
041   * hostname of the destination for the principal instead. See
042   * https://issues.apache.org/jira/browse/HBASE-25665 for more details.
043   */
044  @InterfaceAudience.LimitedPrivate(HBaseInterfaceAudience.CONFIG)
045  public static final String UNSAFE_HBASE_CLIENT_KERBEROS_HOSTNAME_DISABLE_REVERSEDNS =
046    "hbase.unsafe.client.kerberos.hostname.disable.reversedns";
047  public static final boolean DEFAULT_UNSAFE_HBASE_CLIENT_KERBEROS_HOSTNAME_DISABLE_REVERSEDNS =
048    false;
049
050  private SecurityConstants() {
051    // Can't be instantiated with this ctor.
052  }
053}