webhdfs curl—在windows上协商

hec6srdp  于 2021-05-31  发布在  Hadoop
关注(0)|答案(1)|浏览(554)

以下命令在linux上工作,但在windows上失败。在运行命令之前,我使用kinit获取有效的kerberos票证。

curl -v -i --negotiate -u : -b ~/cookiejar.txt -c ~/cookiejar.txt "http://<HDP-Cluster>:50070/webhdfs/v1/?op=LISTSTATUS"

预期结果(linux输出):

> {"FileStatuses":{"FileStatus":[
> {"accessTime":0,"blockSize":0,"childrenNum":17,"fileId":18894,"group":"hadoop","length":0,"modificationTime":1589364305719,"owner":"yarn","pathSuffix":"app-logs","permission":"1777","replication":0,"storagePolicy":0,"type":"DIRECTORY"},
> {"accessTime":0,"blockSize":0,"childrenNum":3,"fileId":16432,"group":"hdfs","length":0,"modificationTime":1566323580684,"owner":"hdfs","pathSuffix":"apps","permission":"755","replication":0,"storagePolicy":0,"type":"DIRECTORY"},
> {"accessTime":0,"blockSize":0,"childrenNum":1,"fileId":16419,"group":"hdfs","length":0,"modificationTime":1566323394432,"owner":"hdfs","pathSuffix":"atsv2","permission":"755","replication":0,"storagePolicy":0,"type":"DIRECTORY"},
> {"accessTime":0,"blockSize":0,"childrenNum":0,"fileId":77127,"group":"hdfs","length":0,"modificationTime":1566983700653,"owner":"hdfs","pathSuffix":"benchmarks","permission":"755","replication":0,"storagePolicy":0,"type":"DIRECTORY"}
> ]}}

从windows输出:


* Connected to <SERVER> (<IP>) port 50070 (#0)
* Server auth using Negotiate with user ''

> GET /webhdfs/v1/?op=LISTSTATUS HTTP/1.1
> Host: <SERVER>:50070
> Authorization: Negotiate TlRMTVNTUAABAAAAt4II4gAAAAAAAAAAAAAAAAAAAAAKAGNFAAAADw==
> User-Agent: curl/7.70.0
> Accept: */*
> Cookie: hadoop.auth=
>

* Mark bundle as not supporting multiuse

< HTTP/1.1 403 java.lang.IllegalArgumentException
< Date: Wed, 15 Jul 2020 09:32:34 GMT
< Date: Wed, 15 Jul 2020 09:32:34 GMT
< Pragma: no-cache
< X-FRAME-OPTIONS: SAMEORIGIN

* Replaced cookie hadoop.auth="" for domain <SERVER.Full.Domain>, path /, expire 0

< Set-Cookie: hadoop.auth=; Path=/; HttpOnly
< Cache-Control: must-revalidate,no-cache,no-store
< Content-Type: text/html;charset=iso-8859-1
< Content-Length: 293
<
{ [293 bytes data]
100   293  100   293    0     0   3367      0 --:--:-- --:--:-- --:--:--  3367HTTP/1.1 403 java.lang.IllegalArgumentException
Date: Wed, 15 Jul 2020 09:32:34 GMT
Date: Wed, 15 Jul 2020 09:32:34 GMT
Pragma: no-cache
X-FRAME-OPTIONS: SAMEORIGIN
Set-Cookie: hadoop.auth=; Path=/; HttpOnly
Cache-Control: must-revalidate,no-cache,no-store
Content-Type: text/html;charset=iso-8859-1
Content-Length: 293

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 java.lang.IllegalArgumentException</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /webhdfs/v1/. Reason:
<pre>    java.lang.IllegalArgumentException</pre></p>
</body>
</html>

* Connection #0 to host <server> left intact

curl 版本窗口:

curl -V
curl 7.70.0 (x86_64-w64-mingw32) libcurl/7.70.0 OpenSSL/1.1.1g (Schannel) zlib/1.2.11 libidn2/2.3.0 libssh2/1.9.0 nghttp2/1.40.0
Release-Date: 2020-04-29
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS HTTP2 HTTPS-proxy IDN IPv6 Kerberos Largefile libz Metalink MultiSSL NTLM SPNEGO SSL SSPI TLS-SRP

curl版本linux:

curl -V
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.36 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets

我在中找到了一个关于如何在linux上安装的详细描述,当使用--negotiate with curl,is a keytab file required?时,但是我找不到用于windows的gss api,用于windows的sspi是否与用于linux的gss api相同?

hmae6n7t

hmae6n7t1#

我从以下两个方面找到了答案:
使用--negotiate with curl时,是否需要keytab文件?
警告:编译curl的windows版本是为了支持microsoftsspi库,而不是hadooprest服务所需的gssapi库
:(
不使用spnego访问kerberos安全的webhdfs
显示了一个java代码,其中您获得了一个委托令牌并将其传递给webhdfs restapi。这样你就不需要用——协商。

相关问题