Warning: Disabling security on a production HBase system is difficult and could cause data loss. Contact Cloudera Support if you need to disable security in HBase.

To configure HBase security, complete the following tasks:

1. Configure HBase Authentication: You must establish a mechanism for HBase servers and clients to securely identify themselves with HDFS, ZooKeeper, and each other. This ensures that hosts are who they claim to be.
     Note:

   • To enable HBase to work with Kerberos security, you must perform the installation and configuration steps in Configuring Hadoop Security in CDH 5 and ZooKeeper Security Configuration.

   • Although an HBase Thrift server can connect to a secured Hadoop cluster, access is not secured from clients to the HBase Thrift server. To encrypt communication between clients and the HBase Thrift Server, see Configuring TLS/SSL for HBase Thrift Server.

   The following sections describe how to use Apache HBase and CDH 5 with Kerberos security:

   • Configuring Kerberos Authentication for HBase
   • Configuring Secure HBase Replication
   • Configuring the HBase Client TGT Renewal Period
2. Configure HBase Authorization: You must establish rules for the resources that clients are allowed to access. For more information, see Configuring HBase Authorization.