Kerberos
源神
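Command for merging multiple Kerberos keytab files
Merge the keys with ktutil. Merge the previously created keytabs:
    # ktutil
    ktutil: rkt user1.keytab
    ktutil: rkt user2.keytab
    ktutil: wkt user.keytab
To view the result:
    klist -ket user.keytab
Original · 2019-10-23 10:34:02 · 2569 views · 0 comments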
Check Pig Client fails when Kerberos is enabled
Error message:
    org.apache.pig.backend.hadoop.executionengine.tez.TezSessionManager - Exception while waiting for Tez client to be ready
    org.apache.tez.dag.api.TezException: org.apache.hadoop.yarn.exceptions
Original · 2018-01-24 17:24:33 · 636 views · 0 comments
Testing Hive in a Kerberos environment fails with: main : run as user is test main : requested yarn user is tes User test not found
Error log:
    log4j:WARN No such property [maxFileSize] in org.apache.log4j.DailyRollingFileAppender.
    Logging initialized using configuration in file:/etc/hive/2.6.1.0-129/0/hive-log4j.properties
    Exception in th...
Original · 2018-07-16 15:29:56 · 6992 views · 2 comments
After Kerberos authentication is added in Ambari, running ./zkCli.sh for ZooKeeper fails
Error output:
    WATCHER::
    WatchedEvent state:SyncConnected type:None path:null
    2018-07-20 17:28:24,896 - ERROR [main-SendThread(localhost:2181):ZooKeeperSaslClient@388] - An error: (java.security.PrivilegedAct...
Original · 2018-07-23 10:23:30 · 3899 views · 0 comments
The correct way to connect to Hive over JDBC in Ambari with Kerberos enabled
After Kerberos is enabled, there are two ways to connect to Hive:
1. Direct connection: jdbc:hive2://c2eng58:10000/default;principal=hive/c2eng58@EXAMPLE.COM
2. Connection through ZooKeeper: jdbc:hive2://c2eng47:2181,c2eng48:2181,c2eng58:2181/;serviceDiscoveryMode=z...
Original · 2018-07-30 16:38:02 · 6609 views · 0 comments
Disabling Kerberos fails: HiveServer2 of the Hive component fails to start
Error:
    2018-08-09 10:47:50,360 FATAL [main]: server.HiveServer2 (HiveServer2.java:execute(722)) - Error starting HiveServer2
    java.lang.Error: Max start attempts 5 exhausted
        at org.apache.hive.servic...
Original · 2018-08-09 11:10:38 · 1617 views · 0 comments
Disabling Kerberos fails: Kafka startup error: KeeperErrorCode = NoAuth
Log:
    [2018-08-09 10:51:41,954] FATAL Fatal error during KafkaServerStartable startup. Prepare to shutdown (kafka.server.KafkaServerStartable)
    org.I0Itec.zkclient.exception.ZkException: org.apache.zook...
Original · 2018-08-09 10:57:46 · 7155 views · 0 comments
After Kerberos is enabled, the YARN ResourceManager fails to start: KeeperErrorCode = BadVersion for /yarn-leader-election
Log error:
    2018-08-09 11:36:21,783 INFO service.AbstractService (AbstractService.java:noteFailure(272)) - Service org.apache.hadoop.yarn.server.resourcemanager.EmbeddedElectorService failed in state INIT...
Original · 2018-08-09 11:45:25 · 3468 views · 1 comment
After Kerberos is enabled in Ambari, HDFS reports: Failed to find datanode, suggest to check cluster health. excludeDatanode
Error log:
    2018-08-06 14:10:56,812 WARN ipc.Client (Client.java:run(711)) - Couldn't setup connection for dn/140.bd@EXAMPLE.COM to 139.bd/**.**.**.**:8020
    javax.security.sasl.SaslException: GSS initiate ...
Original · 2018-08-07 09:01:54 · 3692 views · 2 comments
kadmin: Operation requires ``extract-keys'' privilege while changing hnsw@HADOOP.COM's key
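There are two ways to manage the KDC database:
kadmin.local: must be run on the KDC server; it manages the database without a password.
kadmin: can be run on any system in the KDC realm, but requires the administrator password.
When working in kadmin.local, a keytab file shared between users can be produced with the following command:
    ktadd -k /etc/security/keytabs/admin.keytab -norandk...
Original · 2019-04-09 14:55:27 · 3047 views · 1 comment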
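Creating, deleting, modifying and querying Kerberos users in Python
1. First, build an interface in Python that mimics shell command-line operations: install subprocess (local) and paramiko (remote over SSH) for Python.
    #!/usr/bin/python
    #-*- coding: UTF-8 -*-
    import os, sys
    import subprocess
    import paramiko
    import settings
    class RunCmd(object):
Original · 2017-11-23 18:03:47 · 2872 views · 0 comments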
Kerberos error: kinit: Password incorrect while getting initial credentials
Enter kadmin.local and add a principal, for example addprinc -pw 123456 user, entering the password, then generate the keytab file with ktadd -k /etc/security/keytabs/user.keytab user. After that, kinit user no longer accepts the password and login fails, each time with the error: kinit: Password incorrect while gettin
Original · 2017-11-15 14:29:59 · 19568 views · 1 comment
Common Ambari Kerberos commands
    kadmin.local    // enter kadmin as the super administrator
In kadmin mode:
    addprinc -randkey root/master1@JENKIN.COM    // create a principal with a random key
    addprinc admin/admin    // create a principal with a specified key
    listprincs    // list principals
    change_passw
Original · 2017-10-11 18:41:22 · 1243 views · 0 comments
Using privileged resources in combination with SASL RPC data transfer protection is not supported.
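HDFS fails to start under Kerberos; SASL must be configured on the DataNode. The official documentation already explains this clearly.
My HDP version is 2.6.1.0.
My configuration:
    dfs.data.transfer.protection=integrity
    dfs.http.policy=HTTPS_ONLY (original value: HTTP_ONLY)
    dfs.datanode.address (original value: 0.0.0.0:101
Original · 2017-09-25 17:19:55 · 2123 views · 0 comments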
SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]
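1. Check the time with the date command; if the clocks disagree, synchronize them with NTP.
2. The command to start the NameNode is:
    /usr/hdp/current/hadoop-client/sbin/hadoop-daemon.sh --config /usr/hdp/current/hadoop-client/conf start namenode
Original · 2017-09-26 19:13:26 · 17245 views · 0 comments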
No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt
Reference link: https://community.hortonworks.com/articles/72103/alternate-days-why-do-i-see-gssexception-no-valid.html
Reposted · 2017-09-26 20:29:34 · 21625 views · 0 comments
Summary of common Kerberos and Hadoop problems
Link: https://github.com/steveloughran/kerberos_and_hadoop/blob/master/sections/errors.md
Problem summary:
1. GSS initiate failed —no further details provided
2. Server not found in Kerberos database (7) or se
Reposted · 2017-09-27 17:52:41 · 15635 views · 4 comments
Debugging Kerberos errors in Hadoop
First run the following commands:
    export HADOOP_OPTS="-Djava.net.preferIPv4Stack=true -Dlog.enable-console=true -Dsun.security.krb5.debug=true ${HADOOP_OPTS}"
    export HADOOP_ROOT_LOGGER=DEBUG,console
Then run the Hadoop operation: had
Original · 2017-09-27 20:33:03 · 1155 views · 0 comments
Disabling Kerberos in Ambari
The disabling process is as shown in the figure below. The log shows the errors:
    The 'krb5-conf' configuration is not available
    The 'kerberos-env' configuration is not available
Solution:
    select * from clusterconfigmapping WHERE type_name in ('kerb
Original · 2017-09-28 14:07:54 · 2696 views · 2 comments
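Principles of the Kerberos security mechanism
Two recommended articles:
Principles of Kerberos authentication: http://blog.csdn.net/wulantian/article/details/42418231
From kinit to the Kerberos security mechanism: http://www.jianshu.com/p/2039fe8c62a1
Reposted · 2017-09-21 18:35:21 · 675 views · 0 comments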
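HDFS fails to start under Kerberos: java.io.FileNotFoundException: /etc/security/serverKeys/keystore.jks
Because dfs.http.policy=HTTPS_ONLY is configured, HTTPS requires a CA in the cluster, which generates ca_key and ca_cert. A node that wants to join the cluster must obtain these two files, go through a series of steps to generate a keystore, and specify the keystore's path and password in Hadoop's ssl-server.xml and ssl-client.xml. The nodes can then communicate with each other over HTTPS. Using OpenSS
Original · 2017-09-26 14:24:15 · 2348 views · 0 comments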
sun.security.validator.ValidatorException: PKIX path building failed:
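sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested...
I hit this when accessing the view through a web page. It is a certificate CA problem: the certificate needs to be imported into Java's JRE.
Solution:
Import
Import the SSL certificat
Original · 2017-10-18 13:43:27 · 3919 views · 0 comments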
kdb5_util: Configuration file does not specify default realm while getting default realm
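Uncomment the default_realm line below, which is commented out by default (change it to the realm you want). You can then run the command that creates the Kerberos database:
    kdb5_util create -s
Original · 2017-09-25 10:48:50 · 7988 views · 0 comments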