Hadoop Kerberos | Cloudera | KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96


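I have been trying to set up Kerberos for CDH 4.5, which was set up using the Cloudera Manager installer.

The instructions are from the following link:

After setting up the KDC, I copied the JCE policy files for Java 6 to the following location: /usr/java/jdk1.6.0_31/lib/security/

Following is my "/var/kerberos/krb5kdc/kdc.conf" file:

Following is my "/etc/krb5.conf" file:

This file is present on all nodes.

However, after following all the steps in the instructions, none of the services can communicate with each other. Following is the exception from the namenode log: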

2014-02-05 11:42:35,072 INFO org.apache.hadoop.ipc.Server: IPC Server listener on 8022: readAndProcess threw exception javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)] from client 10.1.3.104. Count of bytes read: 0
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]
        at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:159)
        at org.apache.hadoop.ipc.Server$Connection.saslReadAndProcess(Server.java:1250)
        at org.apache.hadoop.ipc.Server$Connection.readAndProcess(Server.java:1456)
        at org.apache.hadoop.ipc.Server$Listener.doRead(Server.java:759)
        at org.apache.hadoop.ipc.Server$Listener$Reader.doRunLoop(Server.java:557)
        at org.apache.hadoop.ipc.Server$Listener$Reader.run(Server.java:532)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
        at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:137)
        ... 5 more
Caused by: KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled
        at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:481)
        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:260)
        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
        at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
        ... 8 more

Any help would be greatly appreciated.

I got some help from Cloudera and found that the error was in the location of the JCE policy jars.

The correct location is: /usr/java/jdk1.6.0_31/jre/lib/security/
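An added example, not part of the original post or of Cloudera's tooling: a shell check for the mistake described in the answer, where the policy jars were copied to lib/security instead of jre/lib/security under the JDK home. The jar names local_policy.jar and US_export_policy.jar are the standard JCE policy file names and are assumed here; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
#
# check_jce_policy JDK_HOME
#   Compares the JCE policy jars in JDK_HOME/lib/security (where the question
#   copied them) with JDK_HOME/jre/lib/security (the location the answer gives).
#
# Exit status:
#   0  no misplaced jars found
#   1  a policy jar in lib/security differs from, or is absent in, jre/lib/security
#   2  a policy jar is missing from jre/lib/security and there is no stray copy
#
# PRESENT only means the file exists: a stock JDK ships limited-strength jars
# under the same names. To confirm AES-256 is enabled, ask the JVM itself:
# javax.crypto.Cipher.getMaxAllowedKeyLength("AES") must be greater than 128.
check_jce_policy() {
    jdk_home=$1
    active="$jdk_home/jre/lib/security"   # directory named in the answer
    stray="$jdk_home/lib/security"        # directory used in the question
    rc=0
    for jar in local_policy.jar US_export_policy.jar; do
        if [ -f "$stray/$jar" ] && ! cmp -s "$stray/$jar" "$active/$jar" 2>/dev/null; then
            echo "MISPLACED $stray/$jar differs from $active/$jar"
            if [ "$rc" -lt 1 ]; then rc=1; fi
        elif [ -f "$active/$jar" ]; then
            echo "PRESENT   $active/$jar"
        else
            echo "MISSING   $active/$jar"
            rc=2
        fi
    done
    return "$rc"
}
```

Run it on every node as `check_jce_policy /usr/java/jdk1.6.0_31`; a MISPLACED line corresponds to the state that produced the "Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled" exception above.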


Contents of "/etc/krb5.conf" from the question:

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 default_realm = MYREALM.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true

[realms]
 MYREALM.COM = {
  kdc = node1.hcluster
  admin_server = node1.hcluster
 }

[domain_realm]
 .hcluster = MYREALM.COM
 hcluster = MYREALM.COM