Fatal编程技术网
  • java/
  • Java中通过Keytab进行Kerberos身份验证的问题

Java中通过Keytab进行Kerberos身份验证的问题

java hadoop

Java中通过Keytab进行Kerberos身份验证的问题,java,hadoop,kerberos,Java,Hadoop,Kerberos,我正在尝试使用Java从本地机器创建一个kerberos安全的Hadoop集群 以下是我试图做的: public static void hbase() throws IOException { System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); final Configuration hBaseConfig = HBaseConfiguration.create(); hBase

我正在尝试使用Java从本地机器创建一个kerberos安全的Hadoop集群

以下是我试图做的:

public static void hbase() throws IOException {
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
    final Configuration hBaseConfig = HBaseConfiguration.create();
    hBaseConfig.setInt("timeout", 120000);
    hBaseConfig.set("hbase.zookeeper.quorum", <zookeeper_quorum_address>);
    hBaseConfig.set("hbase.zookeeper.property.clientPort", "2181");
    hBaseConfig.set("hadoop.security.authentication", "kerberos");
    hBaseConfig.set("hbase.security.authentication", "kerberos");
    hBaseConfig.set("hbase.master.kerberos.principal", <kerberos.hbase.principal>);
    hBaseConfig.set("hbase.regionserver.kerberos.principal", <kerberos.hbase.principal>);
    hBaseConfig.set("hbase.master.keytab.file", "hbase.keytab");
    hBaseConfig.set("hbase.regionserver.keytab.file", "hbase.keytab");
    UserGroupInformation.setConfiguration(hBaseConfig);
    UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(<principalName>,
            path_to_keytab_on_local_fs);
}
使用这种方法,控制台输出显示
会话已建立
,但除此之外,执行仍在继续,没有任何日志/控制台输出,我必须强制终止它

我非常感谢您能提供一些帮助解决此问题的见解。

您可以尝试以下方法

System.setProperty("java.security.krb5.conf", "/etc/krb5.conf")
System.setProperty("sun.security.krb5.debug", "true")

hbaseConf = HBaseConfiguration.create()
hbaseConf.set("hbase.connection.timeout", "5000")
hbaseConf.set("zookeeper.znode.parent", "/hbase")
hbaseConf.set("hbase.zookeeper.quorum", zkQuorum)
hbaseConf.set("hbase.zookeeper.property.clientPort", zkPort)
hbaseConf.set("hbase.client.retries.number", Integer.toString(1))
hbaseConf.set("zookeeper.session.timeout", Integer.toString(60000))
hbaseConf.set("zookeeper.recovery.retry", Integer.toString(1))
hbaseConf.addResource(new Path(System.getenv("PWD") + "/" + "core-site.xml"))
hbaseConf.addResource(new Path(System.getenv("PWD") + "/" + "hbase-site.xml"))
hbaseConf.set("hbase.rpc.controllerfactory.class", "org.apache.hadoop.hbase.ipc.RpcControllerFactory")
hbaseConf.set("hadoop.security.authentication", "kerberos")
hbaseConf.set("hbase.security.authentication", "kerberos")
hbaseConf.set("hbase.master.kerberos.principal", masterKerberosPrincipal)
hbaseConf.set("hbase.regionserver.kerberos.principal", regionServerKerberosPrincipal)

UserGroupInformation.setConfiguration(hbaseConf)



 val loggedUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, localPath.toString)

loggedUGI.doAs(new PrivilegedAction[Void] {
    override def run() = {
        val connection = getConnection()
        val table = getTable(connection, fullTableName)
        try {

.... HBASE STUFF

        } finally {
            table.close()
            connection.close()
        }
        null
    }
})
你能让它工作吗? 
 SecurityUtil.login(hBaseConfig, <keytab>, <principal name>);

    SecurityUtil.doAsCurrentUser(new PrivilegedExceptionAction<Void>() {
         .............
     }

System.setProperty("java.security.krb5.conf", "/etc/krb5.conf")
System.setProperty("sun.security.krb5.debug", "true")

hbaseConf = HBaseConfiguration.create()
hbaseConf.set("hbase.connection.timeout", "5000")
hbaseConf.set("zookeeper.znode.parent", "/hbase")
hbaseConf.set("hbase.zookeeper.quorum", zkQuorum)
hbaseConf.set("hbase.zookeeper.property.clientPort", zkPort)
hbaseConf.set("hbase.client.retries.number", Integer.toString(1))
hbaseConf.set("zookeeper.session.timeout", Integer.toString(60000))
hbaseConf.set("zookeeper.recovery.retry", Integer.toString(1))
hbaseConf.addResource(new Path(System.getenv("PWD") + "/" + "core-site.xml"))
hbaseConf.addResource(new Path(System.getenv("PWD") + "/" + "hbase-site.xml"))
hbaseConf.set("hbase.rpc.controllerfactory.class", "org.apache.hadoop.hbase.ipc.RpcControllerFactory")
hbaseConf.set("hadoop.security.authentication", "kerberos")
hbaseConf.set("hbase.security.authentication", "kerberos")
hbaseConf.set("hbase.master.kerberos.principal", masterKerberosPrincipal)
hbaseConf.set("hbase.regionserver.kerberos.principal", regionServerKerberosPrincipal)

UserGroupInformation.setConfiguration(hbaseConf)



 val loggedUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, localPath.toString)

loggedUGI.doAs(new PrivilegedAction[Void] {
    override def run() = {
        val connection = getConnection()
        val table = getTable(connection, fullTableName)
        try {

.... HBASE STUFF

        } finally {
            table.close()
            connection.close()
        }
        null
    }
})