Java中通过Keytab进行Kerberos身份验证的问题
我正在尝试使用Java从本地机器创建一个kerberos安全的Hadoop集群 以下是我试图做的:Java中通过Keytab进行Kerberos身份验证的问题,java,hadoop,kerberos,Java,Hadoop,Kerberos,我正在尝试使用Java从本地机器创建一个kerberos安全的Hadoop集群 以下是我试图做的: public static void hbase() throws IOException { System.setProperty("javax.security.auth.useSubjectCredsOnly", "false"); final Configuration hBaseConfig = HBaseConfiguration.create(); hBase
public static void hbase() throws IOException {
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
final Configuration hBaseConfig = HBaseConfiguration.create();
hBaseConfig.setInt("timeout", 120000);
hBaseConfig.set("hbase.zookeeper.quorum", <zookeeper_quorum_address>);
hBaseConfig.set("hbase.zookeeper.property.clientPort", "2181");
hBaseConfig.set("hadoop.security.authentication", "kerberos");
hBaseConfig.set("hbase.security.authentication", "kerberos");
hBaseConfig.set("hbase.master.kerberos.principal", <kerberos.hbase.principal>);
hBaseConfig.set("hbase.regionserver.kerberos.principal", <kerberos.hbase.principal>);
hBaseConfig.set("hbase.master.keytab.file", "hbase.keytab");
hBaseConfig.set("hbase.regionserver.keytab.file", "hbase.keytab");
UserGroupInformation.setConfiguration(hBaseConfig);
UserGroupInformation ugi = UserGroupInformation.loginUserFromKeytabAndReturnUGI(<principalName>,
path_to_keytab_on_local_fs);
}
使用这种方法,控制台输出显示会话已建立
,但除此之外,执行仍在继续,没有任何日志/控制台输出,我必须强制终止它
我非常感谢您能提供一些帮助解决此问题的见解。您可以尝试以下方法
System.setProperty("java.security.krb5.conf", "/etc/krb5.conf")
System.setProperty("sun.security.krb5.debug", "true")
hbaseConf = HBaseConfiguration.create()
hbaseConf.set("hbase.connection.timeout", "5000")
hbaseConf.set("zookeeper.znode.parent", "/hbase")
hbaseConf.set("hbase.zookeeper.quorum", zkQuorum)
hbaseConf.set("hbase.zookeeper.property.clientPort", zkPort)
hbaseConf.set("hbase.client.retries.number", Integer.toString(1))
hbaseConf.set("zookeeper.session.timeout", Integer.toString(60000))
hbaseConf.set("zookeeper.recovery.retry", Integer.toString(1))
hbaseConf.addResource(new Path(System.getenv("PWD") + "/" + "core-site.xml"))
hbaseConf.addResource(new Path(System.getenv("PWD") + "/" + "hbase-site.xml"))
hbaseConf.set("hbase.rpc.controllerfactory.class", "org.apache.hadoop.hbase.ipc.RpcControllerFactory")
hbaseConf.set("hadoop.security.authentication", "kerberos")
hbaseConf.set("hbase.security.authentication", "kerberos")
hbaseConf.set("hbase.master.kerberos.principal", masterKerberosPrincipal)
hbaseConf.set("hbase.regionserver.kerberos.principal", regionServerKerberosPrincipal)
UserGroupInformation.setConfiguration(hbaseConf)
val loggedUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, localPath.toString)
loggedUGI.doAs(new PrivilegedAction[Void] {
override def run() = {
val connection = getConnection()
val table = getTable(connection, fullTableName)
try {
.... HBASE STUFF
} finally {
table.close()
connection.close()
}
null
}
})
你能让它工作吗?
SecurityUtil.login(hBaseConfig, <keytab>, <principal name>);
SecurityUtil.doAsCurrentUser(new PrivilegedExceptionAction<Void>() {
.............
}
System.setProperty("java.security.krb5.conf", "/etc/krb5.conf")
System.setProperty("sun.security.krb5.debug", "true")
hbaseConf = HBaseConfiguration.create()
hbaseConf.set("hbase.connection.timeout", "5000")
hbaseConf.set("zookeeper.znode.parent", "/hbase")
hbaseConf.set("hbase.zookeeper.quorum", zkQuorum)
hbaseConf.set("hbase.zookeeper.property.clientPort", zkPort)
hbaseConf.set("hbase.client.retries.number", Integer.toString(1))
hbaseConf.set("zookeeper.session.timeout", Integer.toString(60000))
hbaseConf.set("zookeeper.recovery.retry", Integer.toString(1))
hbaseConf.addResource(new Path(System.getenv("PWD") + "/" + "core-site.xml"))
hbaseConf.addResource(new Path(System.getenv("PWD") + "/" + "hbase-site.xml"))
hbaseConf.set("hbase.rpc.controllerfactory.class", "org.apache.hadoop.hbase.ipc.RpcControllerFactory")
hbaseConf.set("hadoop.security.authentication", "kerberos")
hbaseConf.set("hbase.security.authentication", "kerberos")
hbaseConf.set("hbase.master.kerberos.principal", masterKerberosPrincipal)
hbaseConf.set("hbase.regionserver.kerberos.principal", regionServerKerberosPrincipal)
UserGroupInformation.setConfiguration(hbaseConf)
val loggedUGI = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, localPath.toString)
loggedUGI.doAs(new PrivilegedAction[Void] {
override def run() = {
val connection = getConnection()
val table = getTable(connection, fullTableName)
try {
.... HBASE STUFF
} finally {
table.close()
connection.close()
}
null
}
})