HBase Zookeeper身份验证失败-找不到任何Kerberos tgt
环境HBase Zookeeper身份验证失败-找不到任何Kerberos tgt,hbase,apache-zookeeper,kerberos,Hbase,Apache Zookeeper,Kerberos,环境 HBase 1.5 Hadoop 2.9.2 Zookeeper 3.5.6 错误 在配置Zookeeper以使用Kerberos并配置HBasejaas.conflogin config之后收到以下错误 。。。在hbase master.log中 ERROR org.apache.zookeeper.ClientCnxn: SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.Sas
HBase 1.5
Hadoop 2.9.2
Zookeeper 3.5.6
jaas.conf
login config之后收到以下错误
。。。在hbase master.log中
ERROR org.apache.zookeeper.ClientCnxn: SASL authentication with Zookeeper Quorum member failed:
javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException:
javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos tgt)])
occurred when evaluating Zookeeper Quorum Member's received SASL token.
Zookeeper Client will go to AUTH_FAILED state.
HBase jaas.conf
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=true
storeKey=true
keyTab="/etc/security/keytabs/hbase.keytab"
principal="hbase/@REALM.COM";
};
hbase env.sh
export HBASE_OPTS=“-Djava.security.auth.login.config=/opt/HBASE/conf/jaas.conf”
问题在于hbase env.sh
,hbase需要的不仅仅是java.security.auth.login.config
中设置的hbase\u OPTS
配置Zookeeper的正确方法jaas.conf
:
export HBASE\u SERVER\u JAAS\u OPTS=“-Djava.security.auth.login.config=/opt/HBASE/conf/JAAS.conf”
export HBASE_MASTER_OPTS=“$HBASE_MASTER_OPTS-Djava.security.auth.login.config=/opt/HBASE/conf/jaas.conf”
如果在主文件
和区域
之间有单独的键选项卡,则需要两个JAAS文件,并且必须同时指定这两个文件
HBASE\u SERVER\u JAAS\u OPTS
HBASE\u MASTER\u OPTS
如果对所有hbase仅使用1个kerberos主体,则只需设置hbase\u SERVER\u JAAS\u OPTS