zoukankan      html  css  js  c++  java

  • Kerberos常见错误

    1.CDH安装Kerberos后,重启集群报错

    Socket Reader #1 for port 8022: readAndProcess from client 192.168.50.83 threw exception [javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]]
Socket Reader #1 for port 8020: readAndProcess from client 192.168.50.77 threw exception [javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)]]

    原因:

    因为系统采用的是Centos7.6,对于使用Centos5.6及以上西戎,默认采用 AES-256 来加密;这就需要CDH集群所有的节点都安装 Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy File
    下载链接:https://www.oracle.com/technetwork/java/javase/downloads/index.html

    解决办法:

    1.下载的文件是个zip包,解压

    2.将解压后的 UnlimitedJCEPolicyJDK8 文件下的两个jar包 复制到 $JAVA_HOME/jre/lib/security/
    #我的JAVA_HOME=/opt/module/jdk1.8.0_144
cp UnlimitedJCEPolicyJDK8/*.jar /opt/module/jdk1.8.0_144/jre/lib/security/
    3.如果你的JAVA_HOME不是在/usr/java下,那么还需要进行一步操作
    mkdir /usr/java
#创建软链接指向自己的JAVA_HOME
ln -s /opt/module/jdk1.8.0_144/ default

    2.HUE报错

    Couldn't renew kerberos ticket in order to work around Kerberos 1.8.1 issue. Please check that the ticket for 'hue/cdh03@BIGDATATEST.COM' is still renewable:
  $ klist -f -c /var/run/hue/hue_krb5_ccache
If the 'renew until' date is the same as the 'valid starting' date, the ticket cannot be renewed. Please check your KDC configuration, and the ticket renewal policy (maxrenewlife) for the 'hue/cdh03@BIGDATATEST.COM' and `krbtgt' principals.

    原因:Kerberos Ticket过期

    解决办法:

    1.检查配置文件
    vim /etc/krb5.conf


    vim /var/kerberos/krb5kdc/kdc.conf

    2.检查krbtgt用户的Maximum renewable life
    kadmin.local -q 'getprinc krbtgt/BIGDATATEST.COM@BIGDATATEST.COM'

    3.修改krbtgt的maxrenewlife
    kadmin.local -q 'modprinc -maxrenewlife "7d" krbtgt/BIGDATATEST.COM'

    4.删除cache
    rm -rfv /var/run/hue/hue_krb5_ccache
    4.重启Kerberos Ticket Renewer
  • 相关阅读:
    下拉菜单年月日
    把某些字符替换成**;
    单击向下滚动,单击停止滚动,下拉显示top,点击top返回顶部
    去除网页中的选中和右键菜单
    表单验证必须为6-12位英文字母去除首尾空格
    免费的海量编程中文书籍索引-都是干货【强烈建议收藏】
    图标搜索网站
    表单验证
    HDU 6319 Problem A. Ascending Rating(单调队列)
    Palindrome Function HDU
  • 原文地址:https://www.cnblogs.com/wuning/p/11908861.html
Copyright © 2011-2022 走看看