Hi Bryan / Hbase devs, Based on the changes when you added mTLS support in HBASE-27280 [1], only the certificate and hostname verification part were added to the codebase. HBase doesn't actually authenticates the user when mTLS is being used.
In other words some other auth method Simple or Kerberos is still needed to identify the HBase user, because mTLS doesn't extract identity information from the client certificate and doesn't map it to an active HBase user. Is that correct? Regards, Andor [1] https://issues.apache.org/jira/browse/HBASE-27280
