@PostConstruct
public void init() throws Exception {
if (conn == null) {
// System.setProperty("hadoop.home.dir", "G:/keyberos/hbase");
System.setProperty("java.security.krb5.conf",krbConf);
conf = HBaseConfiguration.create();
conf.set("hbase.zookeeper.property.clientPort", zkPort);
conf.set("hbase.zookeeper.quorum", zkHost);
conf.set("hbase.master", master);
// conf.addResource(hbaseSite);
conf.set("hadoop.security.authentication", "kerberos");
conf.set("hbase.security.authentication", "kerberos");
conf.set("hbase.cluster.distributed", "true");
conf.set("hbase.rpc.protection", "authentication");
conf.set("hbase.master.kerberos.principal", principal); // this is needed even if you connect over rpc/zookeeper
conf.set("hbase.regionserver.kerberos.principal", principal); //what principal the master/region. servers use.
String principal = System.getProperty("kerberosPrincipal", kerberosPrincipal);
String keytabLocation = System.getProperty("kerberosKeytab",keyberos);
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab(principal, keytabLocation);
conn = ConnectionFactory.createConnection(conf);
}
}
在 UserGroupInformation.loginUserFromKeytab(principal, keytabLocation) 处报错:
java.io.IOException: Login failure for [email protected] from keytab F:/hbase/hbase.keytab: javax.security.auth.login.LoginException: no supported default etypes for default_tkt_enctypes
参数分别为 [email protected],F:/hbase/hbase.keytab 。
java.security.krb5.conf设置为F:/hbase/krb5.conf :
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = XXXX.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_tgs_enctypes = aes256-cts-hmac-sha1-96
default_tkt_enctypes = aes256-cts-hmac-sha1-96
permitted_enctypes = aes256-cts-hmac-sha1-96
clockskew = 120
udp_preference_limit = 1
[realms]
XXXX.COM = {
kdc = bdp01
admin_server = bdp01
}
[domain_realm]
.xxxx.com = XXXX.COM
xxxx.com = XXXX.COM
处理:下载jdk8对应的JCE文件添加到jdk/jre/lib/security下
初步推测是,jdk需要相应的加密解密方式来处理hbase.keytab 文件。
参考https://blog.csdn.net/wulantian/article/details/42173095
原文地址:https://www.cnblogs.com/mryangbo/p/11898648.html
时间: 2024-10-18 01:23:50