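Configuring Storm for Kerberos

Time: 2015-11-25 03:57:53

Tags: kerberos apache-storm jaas

I am trying to configure a single-node Storm cluster to run with Kerberos authentication. Any time I try to access the UI with this curl command:

curl -i --negotiate -u:storm -b ~/cookiejar.txt -c ~/cookiejar.txt http://hadoop-machine1:8080/api/v1/cluster/summary

I get the following error:

HTTP ERROR: 403 GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled).

Here is my Storm configuration: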

ui.header.buffer.bytes: 65536
storm.zookeeper.servers:
  - "192.168.1.3"

storm.zookeeper.port: 2181
nimbus.host: "192.168.1.3"
java.library.path: "/usr/local/lib"
storm.local.dir: "/tmp/storm-data"
storm.messaging.transport: backtype.storm.messaging.netty.Context
supervisor.slots.ports:
  - 6700
  - 6701
  - 6702
  - 6703
  - 6704
  - 6705
  - 6706
  - 6707
ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
ui.filter.params:
    "type": "kerberos"
    "kerberos.principal": "HTTP/hadoop-machine1@HADOOP-MACHINE1"
    "kerberos.keytab": "/vagrant/keytabs/http.keytab"
    "kerberos.name.rules": "DEFAULT"

storm.thrift.transport : "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin"
storm.principal.tolocal: "backtype.storm.security.auth.KerberosPrincipalToLocal"
storm.zookeeper.superACL: "sasl:stormc"
java.security.auth.login.config: "/home/wouri/apache-storm-0.10.0/conf/jaas.conf"
nimbus.authorizer: "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer"
nimbus.admins:
  - "stormc"
nimbus.supervisor.users:
  - "stormc"

nimbus.childopts: "-Xmx1024m -Djava.security.auth.login.config=/home/wouri/apache-storm-0.10.0/conf/jaas.conf"
ui.childopts: "-Xmx768m -Djava.security.auth.login.config=/home/wouri/apache-storm-0.10.0/conf/jaas.conf"
supervisor.childopts: "-Xmx256m -Djava.security.auth.login.config=/home/wouri/apache-storm-0.10.0/conf/jaas.conf"

Here is my Kerberos configuration, krb5.conf:

[libdefaults]
        default_realm = HADOOP-MACHINE1
        dns_lookup_realm = true
        dns_lookup_kdc = true

[realms]
    HADOOP-MACHINE1 = {
       kdc = hadoop-machine1
       admin_server = hadoop-machine1
       master_key_type = aes256-cts-hmac-sha1-96
       supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal
        }

[domain_realm]
.hadoop-machine1 = HADOOP-MACHINE1
 hadoop-machine1 = HADOOP-MACHINE1

Here is the jaas.conf file:

StormServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/home/wouri/apache-storm-0.10.0/conf/storm.keytab"
storeKey=true
useTicketCache=false
principal="stormc/hadoop-machine1@HADOOP-MACHINE1";
};

StormClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/home/wouri/apache-storm-0.10.0/conf/storm.keytab"
storeKey=true
useTicketCache=false
serviceName="stormc"
principal="stormc/hadoop-machine1@HADOOP-MACHINE1";
};

Server {
     com.sun.security.auth.module.Krb5LoginModule required
     useKeyTab=true
     keyTab="/usr/local/zookeeper/conf/zookeeper.keytab"
     storeKey=true
     useTicketCache=false
     serviceName="zookeeper"
     principal="zookeeper/hadoop-machine1@HADOOP-MACHINE1";
 };

Please, is there a configuration flag that I missed?

0 answers:

No answers