Korberized apache phoenix的node.js和npm jdbc包问题
我使用nodejs和npmjdbc包连接到hortonworks上的kerberized Apache phoenix,我能够使用nodejs和jdbc包连接到非kerberized phoenix,但是使用kerberized phoenix会遇到下面的Kerberos身份验证错误。如果有人做过类似的事情,请给出一些指导 Klist命令:Korberized apache phoenix的node.js和npm jdbc包问题,node.js,jdbc,npm,kerberos,phoenix,Node.js,Jdbc,Npm,Kerberos,Phoenix,我使用nodejs和npmjdbc包连接到hortonworks上的kerberized Apache phoenix,我能够使用nodejs和jdbc包连接到非kerberized phoenix,但是使用kerberized phoenix会遇到下面的Kerberos身份验证错误。如果有人做过类似的事情,请给出一些指导 Klist命令: klist -k -t -e /etc/security/keytabs/kafka.headless.keytab Keytab name: FILE:/
klist -k -t -e /etc/security/keytabs/kafka.headless.keytab
Keytab name: FILE:/etc/security/keytabs/kafka.headless.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
1 09/30/16 10:10:27 kafka@REALM.LAN (aes256-cts-hmac-sha1-96)
error: Error: Error running static method
java.sql.SQLException: ERROR 103 (08004): Unable to establish connection.
at org.apache.phoenix.exception.SQLExceptionCode$Factory$1.newException(SQLExceptionCode.java:395)
at org.apache.phoenix.exception.SQLExceptionInfo.buildException(SQLExceptionInfo.java:145)
at org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:287)
at org.apache.phoenix.query.ConnectionQueryServicesImpl.access$300(ConnectionQueryServicesImpl.java:170)
at org.apache.phoenix.query.ConnectionQueryServicesImpl$12.call(ConnectionQueryServicesImpl.java:1840)
at org.apache.phoenix.query.ConnectionQueryServicesImpl$12.call(ConnectionQueryServicesImpl.java:1819)
at org.apache.phoenix.util.PhoenixContextExecutor.call(PhoenixContextExecutor.java:77)
at org.apache.phoenix.query.ConnectionQueryServicesImpl.init(ConnectionQueryServicesImpl.java:1819)
at org.apache.phoenix.jdbc.PhoenixDriver.getConnectionQueryServices(PhoenixDriver.java:180)
at org.apache.phoenix.jdbc.PhoenixEmbeddedDriver.connect(PhoenixEmbeddedDriver.java:132)
at org.apache.phoenix.jdbc.PhoenixDriver.connect(PhoenixDriver.java:151)
at java.sql.DriverManager.getConnection(DriverManager.java:571)
at java.sql.DriverManager.getConnection(DriverManager.java:187)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
Caused by: java.io.IOException: Login failure for kafka@FORSYS.LAN from keytab /etc/security/keytabs/kafka.headless.keytab: javax.security.auth.login.LoginException: Unable to obtain password from user
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:976)
at org.apache.hadoop.security.SecurityUtil.login(SecurityUtil.java:280)
at org.apache.hadoop.hbase.security.User$SecureHadoopUser.login(User.java:386)
at org.apache.hadoop.hbase.security.User.login(User.java:253)
at org.apache.phoenix.query.ConnectionQueryServicesImpl.openConnection(ConnectionQueryServicesImpl.java:282)
... 14 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:856)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:719)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:584)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:967)
... 18 more
我可以通过以下更改来解决此问题: 解决方案:
if (!jinst.isJvmCreated()) {
jinst.addOption("-Xrs");
jinst.addOption("-Djava.security.auth.login.config=/home/user/jar/hbase_client_jaas.conf");
jinst.addOption("-Djava.security.krb5.conf=/etc/krb5.conf");
jinst.addOption("-Dkerberos.client.reference.name=Client");
jinst.setupClasspath([
'/etc/hbase/2.4.2.0-258/0/',
'/etc/hadoop/2.4.2.0-258/0/',
'/home/user/jar/phoenix-4.4.0-HBase-1.1-client.jar'
]);
}
var config = {
url: 'jdbc:phoenix:ZK1,ZK2,ZK3:2181:/hbase-secure:user@REAL.LAN:/home/user/user.headless.keytab',
drivername: 'org.apache.phoenix.jdbc.PhoenixDriver',
user : 'hbase',
password: 'hbase'
};
在服务器上存在keytab的同一目录中,请运行以下命令,然后用结果重新编辑您的问题:klist-k-t-e“keytab的文件名”侧注:为什么要在类路径中放置
/etc/krb5.confKRB5_configif (!jinst.isJvmCreated()) {
jinst.addOption("-Xrs");
jinst.addOption("-Djava.security.auth.login.config=/home/user/jar/hbase_client_jaas.conf");
jinst.addOption("-Djava.security.krb5.conf=/etc/krb5.conf");
jinst.addOption("-Dkerberos.client.reference.name=Client");
jinst.setupClasspath([
'/etc/hbase/2.4.2.0-258/0/',
'/etc/hadoop/2.4.2.0-258/0/',
'/home/user/jar/phoenix-4.4.0-HBase-1.1-client.jar'
]);
}
var config = {
url: 'jdbc:phoenix:ZK1,ZK2,ZK3:2181:/hbase-secure:user@REAL.LAN:/home/user/user.headless.keytab',
drivername: 'org.apache.phoenix.jdbc.PhoenixDriver',
user : 'hbase',
password: 'hbase'
};