/**
 * Opens the shared HBase connection using Kerberos keytab authentication.
 *
 * <p>Runs once after construction and does nothing when {@code conn} is already set.
 * It points the JVM at the krb5.conf named by {@code krbConf}, builds the HBase client
 * configuration from the ZooKeeper and master fields, logs in from the keytab through
 * {@code UserGroupInformation}, and then creates the connection.
 *
 * <p>The login principal and keytab path default to the {@code kerberosPrincipal} and
 * {@code keyberos} fields; the system properties {@code kerberosPrincipal} and
 * {@code kerberosKeytab} override them when present.
 *
 * @throws Exception if the keytab login or the connection setup fails; a failed login
 *     surfaces as an {@code IOException} from {@code loginUserFromKeytab}
 */
@PostConstruct
public void init() throws Exception {
    // A connection already exists, so there is nothing to set up.
    if (conn != null) {
        return;
    }

    // Tell the JVM's Kerberos implementation which krb5.conf to read.
    System.setProperty("java.security.krb5.conf", krbConf);

    // Settings are applied explicitly here rather than loaded from an hbase-site resource.
    conf = HBaseConfiguration.create();
    conf.set("hbase.zookeeper.property.clientPort", zkPort);
    conf.set("hbase.zookeeper.quorum", zkHost);
    conf.set("hbase.master", master);

    // Both the Hadoop layer and the HBase layer are switched to Kerberos.
    for (String authKey : new String[] {
            "hadoop.security.authentication",
            "hbase.security.authentication"}) {
        conf.set(authKey, "kerberos");
    }
    conf.set("hbase.cluster.distributed", "true");

    // NOTE(review): "authentication" authenticates the RPC peer only; "integrity" and
    // "privacy" are the stronger levels. The value presumably has to match the cluster's
    // own hbase.rpc.protection setting - confirm before changing it.
    conf.set("hbase.rpc.protection", "authentication");

    // Principal the master and region servers run as; required even when the client
    // connects over RPC/ZooKeeper. This reads the `principal` field, which is separate
    // from the login principal resolved below.
    for (String serverPrincipalKey : new String[] {
            "hbase.master.kerberos.principal",
            "hbase.regionserver.kerberos.principal"}) {
        conf.set(serverPrincipalKey, principal);
    }

    // Client identity: system properties win, the injected fields are the fallback.
    // The locals are named so they do not shadow the `principal` field used above.
    final String loginPrincipal = System.getProperty("kerberosPrincipal", kerberosPrincipal);
    // The keytab stores the principal's long-term key; keep the file readable only by
    // the account this service runs as.
    final String keytabPath = System.getProperty("kerberosKeytab", keyberos);

    // UGI must receive the Kerberos-enabled configuration before the keytab login.
    UserGroupInformation.setConfiguration(conf);
    UserGroupInformation.loginUserFromKeytab(loginPrincipal, keytabPath);

    conn = ConnectionFactory.createConnection(conf);
}
在 UserGroupInformation.loginUserFromKeytab(principal, keytabLocation) 处报错:
java.io.IOException: Login failure for hbase@XXXX.COM from keytab F:/hbase/hbase.keytab: javax.security.auth.login.LoginException: no supported default etypes for default_tkt_enctypes
参数分别为 hbase@XXXX.COM,F:/hbase/hbase.keytab 。
java.security.krb5.conf设置为F:/hbase/krb5.conf :
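# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = XXXX.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
# The three enctype settings below allow only aes256-cts-hmac-sha1-96.
# A client JVM that cannot use 256-bit AES keys is left with no usable enctype
# and fails with "no supported default etypes for default_tkt_enctypes".
# Fix the client JVM's crypto policy rather than adding weaker enctypes here.
default_tgs_enctypes = aes256-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96
clockskew = 120
udp_preference_limit = 1

[realms]
XXXX.COM = {
  kdc = bdp01
  admin_server = bdp01
}

[domain_realm]
.xxxx.com = XXXX.COM
xxxx.com = XXXX.COM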
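处理:下载与 JDK 8 对应的 JCE 无限制强度策略文件,放到 jdk/jre/lib/security 目录下。这些 jar 会替换 JVM 自带的加密策略文件,应只从 Oracle 官方渠道获取;较新的 JDK 8 更新版本(8u151 及以上)也可以改为在 java.security 中设置 crypto.policy=unlimited,无需替换文件。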
初步推测是:krb5.conf 中只允许 aes256-cts-hmac-sha1-96,而 JDK 8 默认的受限加密策略不支持 256 位 AES 密钥,于是没有可用的 etype;也就是说,JDK 需要相应的加密解密方式才能处理 hbase.keytab 文件。