diff --git a/CHANGES.txt b/CHANGES.txt
index c6d93e2422..6a7be8f2c7 100644
--- a/CHANGES.txt
+++ b/CHANGES.txt
@@ -169,6 +169,9 @@ Trunk (unreleased changes)
HADOOP-6517. Fix UserGroupInformation so that tokens are saved/retrieved
to/from the embedded Subject (Owen O'Malley & Kan Zhang via ddas)
+ HADOOP-6538. Sets hadoop.security.authentication to simple by default.
+ (ddas)
+
Release 0.21.0 - Unreleased
INCOMPATIBLE CHANGES
diff --git a/src/java/core-default.xml b/src/java/core-default.xml
index 9389ffb6e0..4a6bfae64b 100644
--- a/src/java/core-default.xml
+++ b/src/java/core-default.xml
@@ -59,6 +59,13 @@
Is service-level authorization enabled?
+
+ hadoop.security.authentication
+ simple
+ Possible values are simple (no authentication), and kerberos
+
+
+
diff --git a/src/java/org/apache/hadoop/security/UserGroupInformation.java b/src/java/org/apache/hadoop/security/UserGroupInformation.java
index adc03617b7..caa6eb0302 100644
--- a/src/java/org/apache/hadoop/security/UserGroupInformation.java
+++ b/src/java/org/apache/hadoop/security/UserGroupInformation.java
@@ -151,9 +151,9 @@ private static synchronized void ensureInitialized() {
*/
private static synchronized void initialize(Configuration conf) {
String value = conf.get(HADOOP_SECURITY_AUTHENTICATION);
- if ("simple".equals(value)) {
+ if (value == null || "simple".equals(value)) {
useKerberos = false;
- } else if (value == null || "kerberos".equals(value)) {
+ } else if ("kerberos".equals(value)) {
useKerberos = true;
} else {
throw new IllegalArgumentException("Invalid attribute value for " +