java从windows桌面连接到远程远程kerberos hadoop集群

时间:2016-09-16 11:33:18

标签: java hadoop hdfs kerberos hadoop2

我们在RHEL上运行了远程hadoop集群,我们需要从Windows桌面访问HDFS文件。所以我用java编写程序来做同样的事情。

问题是,我们之前没有使用Kerberos,因此我可以使用以下代码进行连接

Configuration conf = new Configuration();
conf.set("fs.defaultFS","hdfs://one.hdp:8020");
FileSystem fs = FileSystem.get(conf);
FileStatus[] fsStatus = fs.listStatus(new Path("/"));
for(int i = 0; i < fsStatus.length; i++){
   System.out.println(fsStatus[i].getPath().toString());
}

现在我们有了Kerberos代码,我关注了这个网站http://henning.kropponline.de/2016/02/14/a-secure-hdfs-client-example/,并根据“提供登录凭据”创建了以下内容,该内容使用GSS-API来执行这样的kinit

回调处理程序:

private static String username = "hdfs-user";
private static char[] password = "hadoop".toCharArray();
public static LoginContext kinit() throws LoginException {
  LoginContext lc = new LoginContext(HdfsMain.class.getSimpleName(), new CallbackHandler() {
  public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
    for(Callback c : callbacks){
      if(c instanceof NameCallback)
        ((NameCallback) c).setName(username);
      if(c instanceof PasswordCallback)
        ((PasswordCallback) c).setPassword(password);
    }
 }});
 lc.login();
 return lc;
}

HdfsMain.conf:

HdfsMain {
  com.sun.security.auth.module.Krb5LoginModule required client=TRUE;
};

连接代码:

Configuration conf = new Configuration();
conf.set("fs.defaultFS", "hdfs://one.hdp:8020");
conf.set("hadoop.security.authentication", "kerberos");
UserGroupInformation.setConfiguration(conf);

LoginContext lc = kinit();
UserGroupInformation.loginUserFromSubject(lc.getSubject());

FileSystem fs = FileSystem.get(conf);
FileStatus[] fsStatus = fs.listStatus(new Path("/"));

for(int i = 0; i < fsStatus.length; i++){
  System.out.println(fsStatus[i].getPath().toString());
}

现在我收到以下错误:

Caused by: KrbException: null (68)
    at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:76)
    at sun.security.krb5.KrbAsReqBuilder.send(KrbAsReqBuilder.java:316)
    at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361)
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:766)
    ... 15 more
Caused by: KrbException: Identifier doesn't match expected value (906)
    at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
    at sun.security.krb5.internal.ASRep.init(ASRep.java:64)
    at sun.security.krb5.internal.ASRep.<init>(ASRep.java:59)
    at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:60)
    ... 18 more

我无法登录。

注意:我没有Keytab文件来测试该方法。

任何形式的帮助将不胜感激

0 个答案:

没有答案
相关问题
最新问题