我有一个非常简单的 Scala HBase GET 应用程序。我试图建立如下连接:
import org.apache.hadoop.hbase.{HBaseConfiguration, TableName}
import org.apache.hadoop.hbase.client.{ConnectionFactory, Get}
object Debug extends App {
val hbaseConf: HadoopConf = HBaseConfiguration.create
val connection: Connection = ConnectionFactory.createConnection(hbaseConf)
val hbaseTable = connection.getTable(TableName.valueOf("my-hbase-table"))
hbaseTable.get(new Get("rowkey".getBytes).addColumn("colFam".getBytes,"colName".getBytes))
}
每当我运行它时,我都会收到如下错误:
Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
at org.apache.hadoop.hbase.security.AbstractHBaseSaslRpcClient.getInitialResponse(AbstractHBaseSaslRpcClient.java:131)
at org.apache.hadoop.hbase.security.NettyHBaseSaslRpcClientHandler$1.run(NettyHBaseSaslRpcClientHandler.java:108)
at org.apache.hadoop.hbase.security.NettyHBaseSaslRpcClientHandler$1.run(NettyHBaseSaslRpcClientHandler.java:104)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1746)
at org.apache.hadoop.hbase.security.NettyHBaseSaslRpcClientHandler.handlerAdded(NettyHBaseSaslRpcClientHandler.java:104)
at org.apache.hbase.thirdparty.io.netty.channel.DefaultChannelPipeline.callHandlerAdded0(DefaultChannelPipeline.java:606)
at org.apache.hbase.thirdparty.io.netty.channel.DefaultChannelPipeline.addFirst(DefaultChannelPipeline.java:187)
at org.apache.hbase.thirdparty.io.netty.channel.DefaultChannelPipeline.addFirst(DefaultChannelPipeline.java:380)
at org.apache.hbase.thirdparty.io.netty.channel.DefaultChannelPipeline.addFirst(DefaultChannelPipeline.java:359)
at org.apache.hadoop.hbase.ipc.NettyRpcConnection.saslNegotiate(NettyRpcConnection.java:200)
... 18 more
Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:162)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:189)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
... 30 more
我使用的是 Windows,所以我在 C: 驱动器的根目录下放了 4 个文件:
C:\cacerts
C:\jaas.conf
C:\krb5.conf
C:\principal.keytab
我的 C:\jaas.conf :
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="C:\\principal.keytab"
useTicketCache=false
debug=true
principal="principal@REALM";
};
Client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="C:\\principal.keytab"
useTicketCache=false
debug=true
principal="principal@REALM";
};
com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="C:\\principal.keytab"
principal="principal@REALM";
};
我在 Cloudera CDH 版本 6.3.2 上。从 Cloudera 管理器下载 hbase-client-config(ssl-client.xml、hdfs-site.xml、hbase-site.xml、core-site.xml),并在 IntelliJ 的资源文件夹下添加 HBase 客户端配置文件。我的 hbase 客户端配置文件
并jaas.conf在 IntelliJ 中设置 VM 选项,运行/调试配置 -> 应用程序 -> 构建和运行 -> VM 选项。我的智能应用程序虚拟机选项配置
当应用程序启动时,我能够看到jaas.conf文件正在被占用jaas.conf-logs
即使它说它将使用密钥表,我仍然会收到这样的错误:Kerberos-error-message
我的 Cloudera 版本:6.3.2
斯卡拉版本:2.11.12
HBase 客户端:2.1.0
有没有人有任何想法?当我提供 jaas.conf 时,Java 身份验证系统是否不会自行获取 Kerberos 票证?