Edit
                            $HBASE_CONF_DIR/hbase-site.xml$HBASE_CONF_DIR is the directory to store
                        the HBase configuration files. For example,
                            /etc/hbase/conf) : 
| ![[Note]](../common/images/admon/note.png) | Note | 
|---|---|
| There are no default values; the following are all examples. | 
  <property>    
        <name>hbase.master.keytab.file</name>    
        <value>/etc/security/keytabs/hbase.service.keytab</value>    
        <description>Full path to the kerberos keytab file to use 
                     for logging in the configured HMaster server principal.    
        </description>  
</property><property>    
        <name>hbase.master.kerberos.principal</name>    
        <value>hbase/_HOST@EXAMPLE.COM</value>    
        <description>Ex. "hbase/_HOST@EXAMPLE.COM". 
        The kerberos principal name that should be used to run the HMaster process.  
        The principal name should be in the form: user/hostname@DOMAIN.  If "_HOST" is used as the hostname portion, 
        it will be replaced with the actual hostname of the running instance.    
        </description>  
</property> <property>    
        <name>hbase.regionserver.keytab.file</name>    
        <value>/etc/security/keytabs/hbase.service.keytab</value>    
        <description>Full path to the kerberos keytab file to use for logging
        in the configured HRegionServer server principal.    
        </description>  
</property><property>    
        <name>hbase.regionserver.kerberos.principal</name>    
        <value>hbase/_HOST@EXAMPLE.COM</value>    
        <description>Ex. "hbase/_HOST@EXAMPLE.COM".The kerberos principal name thatshould be used to run the HRegionServer process. 
The principal name should be in the form: user/hostname@DOMAIN.  
If _HOSTis used as the hostname portion, it will be replaced with the actual hostname of the runninginstance.  
An entry for this principal must existin the file specified in hbase.regionserver.keytab.file    
        </description>  
</property> <!--Additional configuration specific to HBase security -->
  
<property>    
        <name>hbase.superuser</name>    
        <value>hbase</value>    
        <description>List of users or groups (comma-separated), who are allowed full privileges, regardless of stored ACLs, across the cluster. 
Only used when HBase security is enabled.    
        </description>  
</property>      
<property>    
        <name>hbase.coprocessor.region.classes</name>    
        <value>org.apache.hadoop.hbase.security.token.TokenProvider,org.apache.hadoop.hbase.security.access.SecureBulkLoadEndpoint,org.apache.hadoop.hbase.security.access.AccessController </value>    
        <description>A comma-separated list of Coprocessors that are loaded by default on all tables. 
        </description>  
</property> <property>    
        <name>hbase.security.authentication</name>    
        <value>kerberos</value>    
        
</property>  <property>    
        <name>hbase.rpc.engine</name>    
        <value>org.apache.hadoop.hbase.ipc.SecureRpcEngine</value>    
        
</property>   <property>    
        <name>hbase.security.authorization</name>    
        <value>true</value>  
        <description>Enables HBase authorization. Set the value of this property to false to disable HBase authorization.
        </description>  
        
</property><property>    
        <name>hbase.coprocessor.master.classes</name>    
        <value>org.apache.hadoop.hbase.security.access.AccessController</value>    
        
</property> <property>    
        <name>hbase.bulkload.staging.dir</name>    
        <value>/apps/hbase/staging</value>    
        <description>Directory in the default filesystem, owned by the hbase user, and has permissions(-rwx--x--x, 711) </description>  
        
</property>   For
                        more information on bulk loading in secure mode, see HBase Secure BulkLoad. Note that the
                            hbase.bulkload.staging.dir is created by
                        HBase.


