![](/img/trans.png)
[英]Phoenix connection throws error message “Failed to find any Kerberos tgt” after running for some time
[英]HBase Zookeeper AUTH_FAILED - Failed to find any Kerberos tgt
環境
HBase 1.5
Hadoop 2.9.2
Zookeeper 3.5.6
配置 Zookeeper 使用 Kerberos 並配置 HBase jaas.conf
登錄配置后收到以下錯誤
...在hbase-master.log
ERROR org.apache.zookeeper.ClientCnxn: SASL authentication with Zookeeper Quorum member failed:
javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException:
javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: No valid credentials provided
(Mechanism level: Failed to find any Kerberos tgt)])
occurred when evaluating Zookeeper Quorum Member's received SASL token.
Zookeeper Client will go to AUTH_FAILED state.
HBase jaas.conf
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
useTicketCache=true
storeKey=true
keyTab="/etc/security/keytabs/hbase.keytab"
principal="hbase/@REALM.COM";
};
hbase-env.sh
export HBASE_OPTS="-Djava.security.auth.login.config=/opt/hbase/conf/jaas.conf"
問題是在hbase-env.sh
,HBase的需求超過java.security.auth.login.config
在集HBASE_OPTS
。
配置 Zookeeper jaas.conf
正確方法:
export HBASE_SERVER_JAAS_OPTS="-Djava.security.auth.login.config=/opt/hbase/conf/jaas.conf"
export HBASE_MASTER_OPTS="$HBASE_MASTER_OPTS -Djava.security.auth.login.config=/opt/hbase/conf/jaas.conf"
如果您的master
和region
之間有單獨的密鑰表,則需要兩個 JAAS 文件,並且必須同時指定
HBASE_SERVER_JAAS_OPTS
HBASE_MASTER_OPTS
如果對所有 hbase 僅使用 1 個 kerberos 主體,則只需設置HBASE_SERVER_JAAS_OPTS
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.