我正在尝试通过以下代码使用Java使用SSL Kerberos连接到Hive:
System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
Configuration conf = new org.apache.hadoop.conf.Configuration();
conf.set("hadoop.security.authentication", "Kerberos");
conf.set("hadoop.rpc.protection", "privacy");
conf.set("dfs.data.transfer.protection", "privacy");
UserGroupInformation.setConfiguration(conf);
UserGroupInformation.loginUserFromKeytab("hload/cluster", "/home/jhg/hload.keytab");
System.out.println("Logining HLOAD with its Keytab: " + this.hiveURI);
return DriverManager.getConnection(this.hiveURI);
但是我遇到以下错误:
2018-10-26 21:42:53.568 WARN 116257 --- [ main] o.a.h.security.UserGroupInformation : PriviledgedActionException as:hload/XXXXXX@YYYYYY (auth:KERBEROS) cause:java.io.IOException: Couldn't setup connection for hload/XXXXXX@YYYYYY to example.com/100.100.100.100:8020
2018-10-26 21:42:53.602 ERROR 116257 --- [ main] o.s.boot.SpringApplication : Application startup failed
java.lang.IllegalStateException: Failed to execute CommandLineRunner
at org.springframework.boot.SpringApplication.callRunner(SpringApplication.java:735) [spring-boot-1.5.9.RELEASE.jar!/:1.5.9.RELEASE]
at org.springframework.boot.SpringApplication.callRunners(SpringApplication.java:716) [spring-boot-1.5.9.RELEASE.jar!/:1.5.9.RELEASE]
...
Caused by: java.io.IOException: Failed on local exception: java.io.IOException: Couldn't setup connection for hload/XXXXXX@YYYYYY to example.com/100.100.100.100:8020; Host Details : local host is: "example222.com/200.200.200.200"; destination host is: "example.com":8020;
at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:772) ~[hadoop-common-2.6.0-cdh5.13.0.jar!/:na]
at org.apache.hadoop.ipc.Client.call(Client.java:1508) ~[hadoop-common-2.6.0-cdh5.13.0.jar!/:na]
...
Caused by: java.io.IOException: Couldn't setup connection for hload/XXXXXX@YYYYYY to example.com/100.100.100.100:8020
at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:710) ~[hadoop-common-2.6.0-cdh5.13.0.jar!/:na]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_151]
at javax.security.auth.Subject.doAs(Subject.java:422) ~[na:1.8.0_151]
...
Caused by: javax.security.sasl.SaslException: No common protection layer between client and server
at com.sun.security.sasl.gsskerb.GssKrb5Client.doFinalHandshake(GssKrb5Client.java:251) ~[na:1.8.0_151]
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:186) ~[na:1.8.0_151]
...
如何配置我的连接以解决该问题?