說明:我構建了一個應用程序,用於從應用了Kerberos身份驗證的遠程集羣中獲取HDFS(Hadoop分佈式文件系統)文件。我可以從Eclipse執行HDFS.copyToLocalFile(path1,path2),它工作正常。但是,當我將項目導出爲可運行jar並嘗試通過命令行運行它時,它會拋出下面的錯誤。注意:我遵循了@https://sourceforge.net/p/jsch/mailman/message/26939797/提到的步驟,併成功地從Eclipse運行項目。我在Eclipse中檢查了其他文件,但找不到任何文件。我安裝的Kerberos V5 MIT隨着網絡身份管理器(4.0版本)使用憑證緩存的Kerberos身份驗證通過Eclipse工作,但不通過命令行工作
Caused by: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:680)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
at org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:643)
at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:730)
at org.apache.hadoop.ipc.Client$Connection.access$2800(Client.java:368)
at org.apache.hadoop.ipc.Client.getConnection(Client.java:1521)
at org.apache.hadoop.ipc.Client.call(Client.java:1438)
... 70 more
Caused by: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
at org.apache.hadoop.security.SaslRpcClient.selectSaslClient(SaslRpcClient.java:172)
at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:396)
at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:553)
at org.apache.hadoop.ipc.Client$Connection.access$1800(Client.java:368)
at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:722)
at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:718)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1628)
at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:717)
... 73 more
注:我已經配置了失色相關參數爲configuration.xml文件和捆綁入類路徑。
<property>
<name>java.security.auth.login.config</name>
<value>./Configuration/login.conf</value>
</property>
<property>
<name>java.security.krb5.conf</name>
<value>./Configuration/krb5.conf</value>
</property>
<property>
<name>javax.security.auth.useSubjectCredsOnly</name>
<value>false</value>
</property>
推薦閱讀:https://steveloughran.gitbooks.io/kerberos_and_hadoop/content/ –
在_「低層次的祕密」 _你有關於啓用一些技巧Kerberos調試跟蹤,例如'export HADOOP_JAAS_DEBUG = true'和'-Dsun.security.krb5.debug = true'加上,如果您使用的是REST接口,'-Dsun.security.spnego.debug = true' –
我也將添加我的個人風格:'-Djava.security.debug = gssloginconfig,configfile,configparser,logincontext'對於理解配置問題是非常有用的。 –