[英]How to authenticate to Hadoop from command line? Removing `ls: SIMPLE authentication is not enabled` error
I am setting up Kerberos authentication on a Hadoop cluster. 我正在Hadoop群集上设置Kerberos身份验证。 From a machine outside the cluster, whenever I do hadoop fs -ls
, I get the following message: ls: SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]
从群集外部的计算机上,每当执行hadoop fs -ls
,都会收到以下消息: ls: SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]
ls: SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]
, which is nice, since that is what I want. ls: SIMPLE authentication is not enabled. Available:[TOKEN, KERBEROS]
,很好,因为那是我想要的。 But now my question is, how do I actually execute that command succesfully? 但是现在我的问题是,我实际上如何成功执行该命令? I know that I cannot proceed if I don't authenticate, but how do I authenticate from the command line? 我知道如果不进行身份验证就无法继续,但是如何从命令行进行身份验证?
Try below steps 请尝试以下步骤
Server
kadmin.local
addprinc user@realm.com
Client
kinit user@realm.com
klist
to view the principals klist
查看负责人
Things need to be modified both in the Hadoop server and in the client that is trying to access it. 在Hadoop服务器和尝试访问它的客户端中,都需要修改事物。
Server 服务器
In the server you need to add a new user to the realm, and for that you use the following commands: 在服务器中,您需要向该领域中添加一个新用户,为此,请使用以下命令:
In the kadmin.local
shell, type the following command: addprinc user@realm.com
. 在kadmin.local
shell中,键入以下命令: addprinc user@realm.com
。 When prompted, type the password twice. 出现提示时,键入两次密码。
Client 客户
Be sure that you have kinit installed and pointing to the Kerberos server of the cluster, and run the following command to acquire a token from the Kerberos server: kinit user@realm.com
. 确保已安装kinit并指向集群的Kerberos服务器,然后运行以下命令从Kerberos服务器获取令牌: kinit user@realm.com
。 To verify that you succeeded acquiring it, type klist
. 要验证您是否成功获取它,请输入klist
。
And last, but not least: be sure that your client core-site.xml
file is in agreement with the corresponding server-side configuration. 最后但并非最不重要的一点:确保您的客户端core-site.xml
文件与相应的服务器端配置一致。 Particularly, be sure that the value for the key hadoop.security.authentication
is not simple
in your client if it is not simple
in your server. 特别是,要确保该键的值hadoop.security.authentication
不是simple
在你的客户,如果它不是simple
在你的服务器。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.