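I am writing a Java class to access Solr (using SolrJ) in a Kerberized Cloudera virtual machine with a static IP address, from a Windows machine (I use VMware). The problem is that Kerberos returns the following error: Server not found in Kerberos database (7) - UNKNOWN_SERVER.
Here is the full error: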
KRBError:
cTime is Sun Mar 06 03:49:00 CET 1994 762922140000
sTime is Thu Dec 29 16:11:14 CET 2016 1483024274000
suSec is 413432
error code is 7
error Message is Server not found in Kerberos database
cname is cloudera@CLOUDERA
sname is HTTP/192.168.59.200@CLOUDERA
msgType is 30
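The problem is that Kerberos uses the IP address of the virtual machine (where Kerberos is installed) instead of the FQDN (= quickstart.cloudera). In fact, only the HTTP/quickstart.cloudera@CLOUDERA principal exists in Kerberos.
I also tried renaming the service principal from HTTP/quickstart.cloudera@CLOUDERA to HTTP/192.168.59.200@CLOUDERA and it works, but I broke all of Cloudera's internal services that use the original HTTP principal.
In the Windows hosts file I put: 192.168.59.200 quickstart.cloudera
Here is my krb5.conf: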
[libdefaults]
default_realm = CLOUDERA
rdns = true
dns_lookup_kdc = true
dns_lookup_realm = true
dns_canonicalize_hostname = true
ignore_acceptor_hostname = true
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = rc4-hmac
default_tkt_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac
udp_preference_limit = 1
kdc_timeout = 3000
[realms]
CLOUDERA = {
    kdc = quickstart.cloudera
    admin_server = quickstart.cloudera
    default_domain = quickstart.cloudera
}
[domain_realm]
.cloudera = CLOUDERA
quickstart.cloudera = CLOUDERA
Here is my jaas.conf:
com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="C:/Binaries/Kerberos/cloudera.keytab"
    doNotPrompt=true
    useTicketCache=false
    storeKey=true
    debug=true
    principal="cloudera@CLOUDERA";
};
Here is my Java test code:
@Test
public void testSecureSolr() {
    try {
        // Point the JVM at the Kerberos and JAAS configuration and enable Kerberos debug output
        System.setProperty("sun.security.krb5.debug", "true");
        System.setProperty("java.security.krb5.conf", "C:\\Binaries\\Kerberos\\krb5.conf");
        System.setProperty("java.security.auth.login.config", "C:\\Binaries\\Kerberos\\jaas.conf");
        LOG.info("-------------------------------------------------");
        LOG.info("------------------- TESTS SOLR ------------------");
        LOG.info("-------------------------------------------------");
        // Make SolrJ's HTTP client authenticate with Kerberos (SPNEGO)
        HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
        SolrServer solrServer = new HttpSolrServer(CLUSTER_URI_SOLR);
        // Ping Solr to check that the authenticated request goes through
        SolrPingResponse pingResponse = solrServer.ping();
        LOG.info("Solr Ping Status: " + pingResponse.getStatus());
        LOG.info("Solr Ping Time: " + pingResponse.getQTime());
    } catch (SolrServerException | IOException e) {
        e.printStackTrace();
    }
}
Any suggestions? Thanks.
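
Added example, not part of the original post: a pre-flight check that derives the HTTP service principal a SPNEGO client would request for a given Solr URL and compares it with the principals known to exist in the KDC. It assumes the client builds the principal as HTTP/<URL host>@<realm> without resolving the host further; the class name `SpnPreflight`, the port and the path in the sample URLs are constructed for illustration.

```java
import java.net.URI;
import java.util.Set;

// Added example: check which service principal a URL leads to before connecting.
// Assumption: the client requests HTTP/<URL host>@<realm> exactly as the host is written.
public class SpnPreflight {

    // True for an IPv4 dotted quad or an IPv6 literal (URI.getHost() keeps the colons).
    static boolean isIpLiteral(String host) {
        return host.matches("\\d{1,3}(\\.\\d{1,3}){3}") || host.contains(":");
    }

    // Service principal name derived from the host part of the URL.
    static String expectedSpn(String url, String realm) {
        String host = URI.create(url).getHost();
        if (host == null) {
            throw new IllegalArgumentException("URL has no host: " + url);
        }
        return "HTTP/" + host.toLowerCase() + "@" + realm;
    }

    // Returns null when the URL maps to a known principal, otherwise the reason it will fail.
    static String check(String url, String realm, Set<String> kdcPrincipals) {
        String spn = expectedSpn(url, realm);
        if (isIpLiteral(URI.create(url).getHost())) {
            return spn + " is built from an IP literal; use the FQDN in the URL";
        }
        if (!kdcPrincipals.contains(spn)) {
            return spn + " is not among the known service principals";
        }
        return null;
    }

    public static void main(String[] args) {
        // The principal is the one named in the post; the URLs are constructed samples.
        Set<String> principals = Set.of("HTTP/quickstart.cloudera@CLOUDERA");
        String[] urls = {
            "http://192.168.59.200:8983/solr",
            "http://quickstart.cloudera:8983/solr"
        };
        for (String url : urls) {
            String problem = check(url, "CLOUDERA", principals);
            System.out.println(url + " -> " + (problem == null ? "OK" : problem));
        }
    }
}
```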