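This is my first time working with Kerberos, something that many people loathe. Fortunately I had people to ask, which saved me a lot of detours. This post is mainly about configuring Kerberos on a Mac. I hope it becomes my first blog post on big data.
By default, Kerberos is already installed on a Mac. You only need to add one configuration file, /etc/krb5.conf.
Example configuration: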
    [libdefaults]
        default_realm = HADOOP.HZ.NETEASE.COM
        # Permits weak encryption types such as single DES; set this only if the KDC still requires them.
        allow_weak_crypto = true
        # default_tgs_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
        # default_tkt_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5
        # permitted_enctypes = aes256-cts arcfour-hmac-md5 des3-hmac-sha1 des-cbc-crc des-cbc-md5

    [realms]
        HADOOP.HZ.NETEASE.COM = {
            kdc = xxx.photo.163.org
            kdc = app-xxx.photo.163.org
            kdc = app-xxx.photo.163.org
            admin_server = hadoopxxxx.photo.163.org
            kadmind_port = 779
        }

    [domain_realm]
        .photo.163.org = HADOOP.HZ.163.COM
        photo.163.org = HADOOP.HZ.163.COM

    [logging]
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmin.log
        default = FILE:/var/log/krb5lib.log
Then run:

    kinit -kt /Users/xuezhaoming/soft/hadoop/flume.keytab flume/inspur116.photo.163.org@HADOOP.HZ.NETEASE.COM
    klist
    kinit -R    (not necessarily needed)

Accessing HDFS from Java code:
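    import org.apache.hadoop.conf.Configuration;
    import org.apache.hadoop.fs.FileSystem;
    import org.apache.hadoop.fs.Path;
    import org.apache.hadoop.security.UserGroupInformation;

    public class HdfsSecurityDemo {
        public static void main(String[] args) throws Exception {
            String kerbConfPrincipal = "flume@xxx.com";
            String kerbKeytab = "/Users/xuezhaoming/soft/hadoop/flume.keytab";
            String proxyUserName = "flume";
            String hdfsPropertities = "/Users/xuezhaoming/soft/hadoop/hadoop-site-cluster.xml";

            // Load the cluster configuration file
            Configuration hadoopConf = new Configuration();
            Path conPath = new Path(hdfsPropertities);
            hadoopConf.addResource(conPath);
            // hadoopConf.set("hadoop.security.authentication", "Kerberos");

            // Log in from the keytab before touching HDFS
            UserGroupInformation.setConfiguration(hadoopConf);
            UserGroupInformation.loginUserFromKeytab(kerbConfPrincipal, kerbKeytab);

            // Check whether the given HDFS path is a file
            FileSystem fileSystem1 = FileSystem.get(hadoopConf);
            String fileName = "hdfs://xxxx.lzo";
            Path hdfsPath = new Path(fileName);
            boolean file = fileSystem1.isFile(hdfsPath);
            System.out.println(file);
        }
    }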
Some errors:

    java.io.IOException: Login failure for hdfs from keytab /
        at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:891)
        at com.security.HdfsSecurityDemo.test1(HdfsSecurityDemo.java:64)
        at com.security.HdfsSecurityDemo.main(HdfsSecurityDemo.java:50)
    Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
        at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:856)
        at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:719)
        at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:606)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
        at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:882)
        ... 2 more

The cause is that the user and keytab were not configured correctly.
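A pre-flight check for the login failure above, as an added example that is not code from the original post: it verifies that the keytab is readable and closed to group and others, and that the exact principal passed to `kinit` or `loginUserFromKeytab` is listed in the keytab. The function names and the sample `klist -kt` listing are constructed for illustration, and the listing layout is an assumption.

```shell
#!/bin/sh
# Added example: pre-flight checks before a keytab login.
# Function names are hypothetical; they are not part of Hadoop or Kerberos.

# Constructed sample of `klist -kt <keytab>` output (layout is an assumption).
SAMPLE_KLIST='Keytab name: FILE:/tmp/example.keytab
KVNO Timestamp           Principal
---- ------------------- ---------------------------------------------------
   2 01/01/2015 10:00:00 flume/inspur116.photo.163.org@HADOOP.HZ.NETEASE.COM'

# keytab_perms_ok FILE
# Succeeds only if FILE is a regular file we can read and it grants nothing
# to group or others. A keytab holds long-term keys, so treat it like a password.
keytab_perms_ok() {
    [ -f "$1" ] && [ -r "$1" ] || return 1
    mode=$(ls -ldL "$1" | cut -c5-10)   # group + other permission bits
    [ "$mode" = "------" ]
}

# keytab_has_principal PRINCIPAL   (reads a `klist -kt` listing on stdin)
# Succeeds only if some whitespace-separated field equals PRINCIPAL exactly,
# so "flume" or "flume@xxx.com" does not match "flume/host@REALM".
keytab_has_principal() {
    awk -v p="$1" '{ for (i = 1; i <= NF; i++) if ($i == p) found = 1 }
                   END { exit !found }'
}

# preflight FILE PRINCIPAL
# Runs both checks against a real keytab; returns 1 or 2 to tell them apart.
preflight() {
    keytab_perms_ok "$1" || {
        echo "keytab missing, unreadable, or open to group/others: $1" >&2
        return 1
    }
    klist -kt "$1" | keytab_has_principal "$2" || {
        echo "principal $2 is not in keytab $1" >&2
        return 2
    }
}

# Stand-alone use: sh preflight.sh <keytab> <principal>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

The principal string given to the Java login call must match a keytab entry exactly, including the host part and realm.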