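Kerberos uses IP instead of hostname

Time: 2016-12-29 16:01:51

Tags: java solr kerberos hostname

I'm writing a Java class to access Solr (using SolrJ) in a Kerberized Cloudera virtual machine that has a static IP address, from a Windows machine (I use VMware). The problem is that Kerberos returns the following error: Server not found in Kerberos database (7) - UNKNOWN_SERVER.

Here is the full error: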

KRBError:
     cTime is Sun Mar 06 03:49:00 CET 1994 762922140000
     sTime is Thu Dec 29 16:11:14 CET 2016 1483024274000
     suSec is 413432
     error code is 7
     error Message is Server not found in Kerberos database
     cname is cloudera@CLOUDERA
     sname is HTTP/192.168.59.200@CLOUDERA
     msgType is 30

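The problem is that Kerberos is using the IP address of the virtual machine (where Kerberos is installed) instead of the FQDN (= quickstart.cloudera). In fact, only the HTTP/quickstart.cloudera@CLOUDERA principal exists in Kerberos.

I also tried renaming the service principal from HTTP/quickstart.cloudera@CLOUDERA to HTTP/192.168.59.200@CLOUDERA and it worked, but I broke all of Cloudera's internal services that use the original HTTP principal.

In the Windows hosts file I put: 192.168.59.200 quickstart.cloudera

Here is my krb5.conf: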

[libdefaults]
default_realm = CLOUDERA
rdns = true
dns_lookup_kdc = true
dns_lookup_realm = true
dns_canonicalize_hostname = true
ignore_acceptor_hostname = true
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac
udp_preference_limit = 1
kdc_timeout = 3000
[realms]
CLOUDERA = {
  kdc = quickstart.cloudera
  admin_server = quickstart.cloudera
  default_domain = quickstart.cloudera
}
[domain_realm]
  .cloudera = CLOUDERA
  quickstart.cloudera = CLOUDERA

Here is my jaas.conf:

com.sun.security.jgss.initiate {
 com.sun.security.auth.module.Krb5LoginModule required
 useKeyTab=true
 keyTab="C:/Binaries/Kerberos/cloudera.keytab"
 doNotPrompt=true
 useTicketCache=false
 storeKey=true
 debug=true
 principal="cloudera@CLOUDERA";
};

Here is my Java test code:

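import java.io.IOException;

import org.apache.solr.client.solrj.SolrServer;
import org.apache.solr.client.solrj.SolrServerException;
import org.apache.solr.client.solrj.impl.HttpClientUtil;
import org.apache.solr.client.solrj.impl.HttpSolrServer;
import org.apache.solr.client.solrj.impl.Krb5HttpClientConfigurer;
import org.apache.solr.client.solrj.response.SolrPingResponse;
import org.junit.Test;

// LOG and CLUSTER_URI_SOLR are fields of the enclosing test class (not shown in the post).
@Test
public void testSecureSolr() {
    try {
        // Enable Kerberos debug output and point the JVM at the krb5 and JAAS configuration files.
        System.setProperty("sun.security.krb5.debug", "true");
        System.setProperty("java.security.krb5.conf", "C:\\Binaries\\Kerberos\\krb5.conf");
        System.setProperty("java.security.auth.login.config", "C:\\Binaries\\Kerberos\\jaas.conf");

        LOG.info("-------------------------------------------------");
        LOG.info("------------------- TESTS SOLR ------------------");
        LOG.info("-------------------------------------------------");

        // Make SolrJ's HTTP client authenticate with Kerberos (SPNEGO).
        HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());

        SolrServer solrServer = new HttpSolrServer(CLUSTER_URI_SOLR);
        SolrPingResponse pingResponse = solrServer.ping();

        LOG.info("Solr Ping Status: " + pingResponse.getStatus());
        LOG.info("Solr Ping Time: " + pingResponse.getQTime());

    } catch (SolrServerException | IOException e) {
        e.printStackTrace();
    }
}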

Any suggestions? Thanks.

0 answers:

No answers
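
A diagnostic sketch for the symptom described in the question, added here as an example and not part of the original post: it prints the service principal a client would request for a given URL, assuming the principal is built as HTTP/<URL host>@REALM, and flags IP-literal hosts. The class name, ports and paths are constructed; the realm, IP address and hostname are the ones from the post.

```java
import java.net.InetAddress;
import java.net.URI;
import java.net.UnknownHostException;

public class SpnCheck {
    // Realm taken from the post's krb5.conf.
    static final String REALM = "CLOUDERA";

    /** True when the host is a dotted-quad IPv4 literal or an IPv6 literal. */
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    /** Service principal under the assumption SPN = HTTP/<URL host>@REALM. */
    static String expectedSpn(URI uri) {
        return "HTTP/" + uri.getHost() + "@" + REALM;
    }

    /** Name the local resolver (hosts file, DNS) returns for the host, or a marker. */
    static String canonicalName(String host) {
        try {
            return InetAddress.getByName(host).getCanonicalHostName();
        } catch (UnknownHostException e) {
            return "<unresolvable>";
        }
    }

    public static void main(String[] args) {
        // Constructed sample URLs: the port and path are not from the post.
        String[] urls = args.length > 0 ? args : new String[] {
            "http://192.168.59.200:8983/solr",
            "http://quickstart.cloudera:8983/solr"
        };
        for (String u : urls) {
            URI uri = URI.create(u);
            String host = uri.getHost();
            System.out.println(u);
            System.out.println("  expected SPN   : " + expectedSpn(uri));
            System.out.println("  canonical name : " + canonicalName(host));
            if (isIpLiteral(host)) {
                // Matches the sname in the KRBError above: HTTP/192.168.59.200@CLOUDERA.
                System.out.println("  WARNING: host is an IP literal; a KDC holding only a"
                        + " hostname-based HTTP principal has no entry for this name");
            }
        }
    }
}
```

Comparing the printed principal with the `sname` field of the KRBError shows whether the URL host, rather than the KDC, determines the name being requested.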