Hadoop Kerberos | Cloudera | KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96
I have been trying to set up Kerberos for CDH 4.5, which was set up using the Cloudera Manager installer. The instructions are from the following link: After setting up the KDC, I copied the JCE policy files for Java 6 to the following location: /usr/java/jdk1.6.0_31/lib/security/ The following is my "/var/kerberos/krb5kdc/kdc.conf" file: The following is my "/etc/krb5.conf" file: This file is present on all nodes. However, after following all the steps in the instructions, none of the services can communicate with each other. The following is the exception from the namenode log:
2014-02-05 11:42:35,072 INFO org.apache.hadoop.ipc.Server: IPC Server listener on 8022: readAndProcess threw exception javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)] from client 10.1.3.104. Count of bytes read: 0
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]
at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:159)
at org.apache.hadoop.ipc.Server$Connection.saslReadAndProcess(Server.java:1250)
at org.apache.hadoop.ipc.Server$Connection.readAndProcess(Server.java:1456)
at org.apache.hadoop.ipc.Server$Listener.doRead(Server.java:759)
at org.apache.hadoop.ipc.Server$Listener$Reader.doRunLoop(Server.java:557)
at org.apache.hadoop.ipc.Server$Listener$Reader.run(Server.java:532)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:137)
... 5 more
Caused by: KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled
at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:481)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:260)
at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
... 8 more
Any help would be greatly appreciated.

I got some help from Cloudera and found that the error was in the location of the JCE policy jars.
The correct location is: /usr/java/jdk1.6.0_31/jre/lib/security/
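A check for the mistake described in the answer, as an added example that is not part of the original post: it reports policy jars left in lib/security that differ from the ones the JRE loads from jre/lib/security. The function name and status words are illustrative, and the JDK 6 directory layout from the paths above is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): find misplaced JCE policy jars.
# Assumption: JDK 6 layout, where the JRE reads its policy jars only from
# $JDK_HOME/jre/lib/security and ignores copies in $JDK_HOME/lib/security.

POLICY_JARS="local_policy.jar US_export_policy.jar"

# check_jce_placement JDK_HOME
# Echoes a status word and returns:
#   0 "ok"        no stray copies, or stray copies identical to the active jars
#   1 "misplaced" jars in lib/security differ from the ones the JRE loads
#   2 "missing"   a policy jar is absent from jre/lib/security
check_jce_placement() {
    jce_home=$1
    jce_active="$jce_home/jre/lib/security"
    jce_stray="$jce_home/lib/security"
    jce_status=ok

    for jce_jar in $POLICY_JARS; do
        if [ ! -f "$jce_active/$jce_jar" ]; then
            echo missing
            return 2
        fi
        # A copy outside jre/lib/security is never read by the JVM. If it
        # differs from the active jar, the intended policy was not installed.
        if [ -f "$jce_stray/$jce_jar" ] &&
           ! cmp -s "$jce_stray/$jce_jar" "$jce_active/$jce_jar"; then
            jce_status=misplaced
        fi
    done

    echo "$jce_status"
    [ "$jce_status" = ok ]
}

# Run against a JDK when a path is given, e.g.
#   ./check_jce.sh /usr/java/jdk1.6.0_31
if [ $# -gt 0 ]; then
    check_jce_placement "$1"
fi
```

File placement alone cannot tell a limited policy jar from an unlimited one; javax.crypto.Cipher.getMaxAllowedKeyLength("AES"), called under the same JVM that runs the Hadoop daemons, reports the effective limit.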
/etc/krb5.conf (from the question):
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = MYREALM.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
MYREALM.COM = {
kdc = node1.hcluster
admin_server = node1.hcluster
}
[domain_realm]
.hcluster = MYREALM.COM
hcluster = MYREALM.COM