• Java remote connection to Hadoop: Kerberos authentication fails with "no supported default etypes for default_tkt_enctypes"


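    // Imports needed by this method; the fields it uses (conn, conf, krbConf, zkPort, zkHost,
    // master, principal, kerberosPrincipal, keyberos) belong to the enclosing class, not shown.
    import javax.annotation.PostConstruct;
    import org.apache.hadoop.hbase.HBaseConfiguration;
    import org.apache.hadoop.hbase.client.ConnectionFactory;
    import org.apache.hadoop.security.UserGroupInformation;

    @PostConstruct
    public void init() throws Exception {
        if (conn == null) {
            // System.setProperty("hadoop.home.dir", "G:/keyberos/hbase");
            // Point the JVM's Kerberos implementation at the client-side krb5.conf.
            System.setProperty("java.security.krb5.conf", krbConf);
            conf = HBaseConfiguration.create();
            conf.set("hbase.zookeeper.property.clientPort", zkPort);
            conf.set("hbase.zookeeper.quorum", zkHost);
            conf.set("hbase.master", master);
            // conf.addResource(hbaseSite);
            conf.set("hadoop.security.authentication", "kerberos");
            conf.set("hbase.security.authentication", "kerberos");
            conf.set("hbase.cluster.distributed", "true");
            conf.set("hbase.rpc.protection", "authentication");
            conf.set("hbase.master.kerberos.principal", principal); // this is needed even if you connect over rpc/zookeeper
            conf.set("hbase.regionserver.kerberos.principal", principal); // what principal the master/region servers use

            // From here on, the local `principal` shadows the field used in the two lines above.
            String principal = System.getProperty("kerberosPrincipal", kerberosPrincipal);
            String keytabLocation = System.getProperty("kerberosKeytab", keyberos);

            // Log in from the keytab before opening the HBase connection.
            UserGroupInformation.setConfiguration(conf);
            UserGroupInformation.loginUserFromKeytab(principal, keytabLocation);

            conn = ConnectionFactory.createConnection(conf);
        }
    }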

    The error is raised at UserGroupInformation.loginUserFromKeytab(principal, keytabLocation):

    java.io.IOException: Login failure for hbase@XXXX.COM from keytab F:/hbase/hbase.keytab: javax.security.auth.login.LoginException: no supported default etypes for default_tkt_enctypes

    The two arguments are hbase@XXXX.COM and F:/hbase/hbase.keytab, respectively.

    java.security.krb5.conf is set to F:/hbase/krb5.conf:
    # Configuration snippets may be placed in this directory as well
    includedir /etc/krb5.conf.d/
    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
    
    [libdefaults]
     default_realm = XXXX.COM
     dns_lookup_realm = false
     dns_lookup_kdc = false
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = true
     default_tgs_enctypes = aes256-cts-hmac-sha1-96
     default_tkt_enctypes = aes256-cts-hmac-sha1-96
     permitted_enctypes = aes256-cts-hmac-sha1-96
     clockskew = 120
     udp_preference_limit = 1
    
    [realms]
    XXXX.COM = {
      kdc = bdp01
      admin_server = bdp01
     }
    
    [domain_realm]
     .xxxx.com = XXXX.COM
    xxxx.com = XXXX.COM

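    Fix: download the JCE files that match JDK 8 and add them to jdk/jre/lib/security.

    My initial guess is that the JDK needs the corresponding encryption and decryption algorithms in order to process the hbase.keytab file.

    Reference: https://blog.csdn.net/wulantian/article/details/42173095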
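The krb5.conf above lists only aes256-cts-hmac-sha1-96, which a JVM running under the limited-strength JCE policy (AES capped at 128 bits) cannot use, so no enctype is left for default_tkt_enctypes. The following diagnostic is an added example, not code from the original post: it compares the enctypes in [libdefaults] with the JVM's maximum allowed AES key length. The class name KrbEtypeCheck and its helpers are hypothetical, and only AES key-size limits are checked.

```java
import javax.crypto.Cipher;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.*;

// Added diagnostic (hypothetical names, not from the original post).
public class KrbEtypeCheck {
    // Constructed sample: the enctype lines of the krb5.conf shown in the post.
    static final String SAMPLE = String.join("\n",
        "[libdefaults]",
        " default_tgs_enctypes = aes256-cts-hmac-sha1-96",
        " default_tkt_enctypes = aes256-cts-hmac-sha1-96",
        " permitted_enctypes = aes256-cts-hmac-sha1-96",
        "[realms]");

    // AES key size an enctype needs; 0 for non-AES enctypes (not checked here).
    static int requiredAesBits(String etype) {
        if (etype.startsWith("aes256")) return 256;
        if (etype.startsWith("aes128")) return 128;
        return 0;
    }

    // For each *_enctypes key in [libdefaults], the enctypes that fit within maxAesBits.
    static Map<String, List<String>> usable(String krb5Conf, int maxAesBits) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        boolean inLibdefaults = false;
        for (String raw : krb5Conf.split("\\R")) {
            String line = raw.trim();
            if (line.startsWith("[")) { inLibdefaults = line.equals("[libdefaults]"); continue; }
            int eq = line.indexOf('=');
            if (!inLibdefaults || eq < 0 || line.startsWith("#")) continue;
            String key = line.substring(0, eq).trim();
            if (!key.endsWith("_enctypes")) continue;
            List<String> ok = new ArrayList<>();
            for (String e : line.substring(eq + 1).trim().split("[\\s,]+"))
                if (!e.isEmpty() && requiredAesBits(e.toLowerCase()) <= maxAesBits) ok.add(e);
            out.put(key, ok);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Pass the path to krb5.conf as the first argument; otherwise the sample is used.
        String conf = args.length > 0
            ? new String(Files.readAllBytes(Paths.get(args[0])), "UTF-8") : SAMPLE;
        int max = Cipher.getMaxAllowedKeyLength("AES"); // 128 under the limited policy
        System.out.println("Max allowed AES key length: " + max);
        usable(conf, max).forEach((k, v) -> System.out.println(
            k + ": " + (v.isEmpty() ? "no enctype usable under this JVM's policy" : "usable " + v)));
    }
}
```

On JDK 8u161 and later the unlimited policy is the default, and from 8u151 it can be enabled with `crypto.policy=unlimited` in the `java.security` file instead of copying policy jars.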

  • Original article: https://www.cnblogs.com/mryangbo/p/11898648.html