Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kerberos: host 未配置导致的问题 #1

Open
zoeminghong opened this issue Dec 31, 2018 · 0 comments
Open

kerberos: host 未配置导致的问题 #1

zoeminghong opened this issue Dec 31, 2018 · 0 comments
Labels
kerberos Further information is requested
Milestone
大数据

Comments

@zoeminghong
Copy link
Owner

描述:

2018-12-31 15:20:08.954  WARN [dmp-spring-boot-hbase-kerberos-example,,,] 59377 --- [hared--pool2-t1] o.a.h.security.UserGroupInformation      : Not attempting to re-login since the last re-login was attempted less than 60 seconds before. Last Login=1546240807297
2018-12-31 15:20:13.087  WARN [dmp-spring-boot-hbase-kerberos-example,,,] 59377 --- [hared--pool2-t1] o.a.h.security.UserGroupInformation      : Not attempting to re-login since the last re-login was attempted less than 60 seconds before. Last Login=1546240807297
2018-12-31 15:20:16.728  WARN [dmp-spring-boot-hbase-kerberos-example,,,] 59377 --- [hared--pool2-t1] o.a.h.security.UserGroupInformation      : Not attempting to re-login since the last re-login was attempted less than 60 seconds before. Last Login=1546240807297
2018-12-31 15:20:20.919  WARN [dmp-spring-boot-hbase-kerberos-example,,,] 59377 --- [hared--pool2-t1] o.a.h.security.UserGroupInformation      : Not attempting to re-login since the last re-login was attempted less than 60 seconds before. Last Login=1546240807297
2018-12-31 15:20:24.659  WARN [dmp-spring-boot-hbase-kerberos-example,,,] 59377 --- [hared--pool2-t1] o.apache.hadoop.hbase.ipc.RpcClientImpl  : Couldn't setup connection for [email protected] to hbase/[email protected]

javax.security.sasl.SaslException: GSS initiate failed
	at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211) ~[na:1.8.0_121]
	at org.apache.hadoop.hbase.security.HBaseSaslRpcClient.saslConnect(HBaseSaslRpcClient.java:179) ~[hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupSaslConnection(RpcClientImpl.java:619) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.access$700(RpcClientImpl.java:164) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:745) ~[hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection$2.run(RpcClientImpl.java:742) ~[hbase-client-1.3.2.jar:1.3.2]
	at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_121]
	at javax.security.auth.Subject.doAs(Subject.java:422) ~[na:1.8.0_121]
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1682) ~[hadoop-common-3.1.0.jar:na]
	at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.setupIOstreams(RpcClientImpl.java:742) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.writeRequest(RpcClientImpl.java:911) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.ipc.RpcClientImpl$Connection.tracedWriteRequest(RpcClientImpl.java:875) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.ipc.RpcClientImpl.call(RpcClientImpl.java:1249) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient.callBlockingMethod(AbstractRpcClient.java:227) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.ipc.AbstractRpcClient$BlockingRpcChannelImplementation.callBlockingMethod(AbstractRpcClient.java:336) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.protobuf.generated.ClientProtos$ClientService$BlockingStub.scan(ClientProtos.java:35518) [hbase-protocol-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.client.ClientSmallReversedScanner$SmallReversedScannerCallable.call(ClientSmallReversedScanner.java:298) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.client.ClientSmallReversedScanner$SmallReversedScannerCallable.call(ClientSmallReversedScanner.java:276) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithoutRetries(RpcRetryingCaller.java:212) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:364) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.client.ScannerCallableWithReplicas$RetryingRPC.call(ScannerCallableWithReplicas.java:338) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.client.RpcRetryingCaller.callWithRetries(RpcRetryingCaller.java:137) [hbase-client-1.3.2.jar:1.3.2]
	at org.apache.hadoop.hbase.client.ResultBoundedCompletionService$QueueingFuture.run(ResultBoundedCompletionService.java:65) [hbase-client-1.3.2.jar:1.3.2]
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_121]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_121]
	at java.lang.Thread.run(Thread.java:745) [na:1.8.0_121]
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)
	at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:770) ~[na:1.8.0_121]
	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248) ~[na:1.8.0_121]
	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) ~[na:1.8.0_121]
	at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192) ~[na:1.8.0_121]
	... 25 common frames omitted
Caused by: sun.security.krb5.KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
	at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73) ~[na:1.8.0_121]
	at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251) ~[na:1.8.0_121]
	at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262) ~[na:1.8.0_121]
	at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308) ~[na:1.8.0_121]
	at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126) ~[na:1.8.0_121]
	at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458) ~[na:1.8.0_121]
	at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693) ~[na:1.8.0_121]
	... 28 common frames omitted
Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)
	at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) ~[na:1.8.0_121]
	at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) ~[na:1.8.0_121]
	at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60) ~[na:1.8.0_121]
	at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55) ~[na:1.8.0_121]
	... 34 common frames omitted

2018-12-31 15:20:26.850  WARN [dmp-spring-boot-hbase-kerberos-example,,,] 59377 --- [hared--pool2-t1] o.a.h.security.UserGroupInformation      : Not attempting to re-login since the last re-login was attempted less than 60 seconds before. Last Login=1546240807297
2018-12-31 15:20:29.057  WARN [dmp-spring-boot-hbase-kerberos-example,,,] 59377 --- [hared--pool2-t1] o.a.h.security.UserGroupInformation      : Not attempting to re-login since the last re-login was attempted less than 60 seconds before. Last Login=1546240807297

方案:

添加相应环境的 host 配置,如果还是不行,可以执行一下本地DNS缓存刷新

Mac: sudo dscacheutil -flushcache

Windows: ipconfig /flushdns

参考文档:
@zoeminghong zoeminghong added the kerberos Further information is requested label Dec 31, 2018
@zoeminghong zoeminghong added this to the 大数据 milestone Dec 31, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kerberos Further information is requested
Projects
None yet
Milestone
大数据
Development

No branches or pull requests
1 participant
@zoeminghong