配置Kerberos后,连接HDFS参数如下:
private void confLoad() throws IOException {
conf = new Configuration();
conf.clear();
conf.set("hadoop.security.authentication", "kerberos");
conf.set("fs.defaultFS", "hdfs://IP:8020");
//conf.set("hadoop.rpc.protection", "authentication");
conf.set("hadoop.rpc.protection", "privacy");
conf.set("dfs.data.transfer.protection", "integrity");
}
注意: hadoop.rpc.protection必须与集群的配置保持一致,否则会报:
Exception in thread "main" java.io.IOException: Failed on local exception: java.io.IOException: Couldn't setup connection for ldapuser@EXAMPLE.COM to /172.16.70.3:8020; Host Details : local host is: "USER-20161130SP/172.16.25.69"; destination host is: "c2bde03":8020;
... ...
Caused by: javax.security.sasl.SaslException: No common protection layer between client and server
at com.sun.security.sasl.gsskerb.GssKrb5Client.doFinalHandshake(GssKrb5Client.java:251)