kerberos异常:请求的开始时间晚于结束时间

aelbi1ox  于 2021-06-07  发布在  Hbase
关注(0)|答案(0)|浏览(543)

我们的hadoop集群支持kerberos身份验证。spark streaming应用程序(访问hbase)运行一段时间后,常常会发生zookeeper错误:

KrbException: Requested start time is later than end time (11) - Requested start time is later than end time
   at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
   at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:192)
   at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:203)
   at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:309)
   at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:115)
   at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:454)
   at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:641)
   at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
   at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
   at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193)
   at org.apache.zookeeper.client.ZooKeeperSaslClient$2.run(ZooKeeperSaslClient.java:366)
   at org.apache.zookeeper.client.ZooKeeperSaslClient$2.run(ZooKeeperSaslClient.java:363)
   at java.security.AccessController.doPrivileged(Native Method)
   at javax.security.auth.Subject.doAs(Subject.java:415)
   at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:362)
   at org.apache.zookeeper.client.ZooKeeperSaslClient.createSaslToken(ZooKeeperSaslClient.java:348)
   at org.apache.zookeeper.client.ZooKeeperSaslClient.sendSaslPacket(ZooKeeperSaslClient.java:420)
   at org.apache.zookeeper.client.ZooKeeperSaslClient.initialize(ZooKeeperSaslClient.java:458)
   at org.apache.zookeeper.ClientCnxn$SendThread.run(ClientCnxn.java:1013)
Caused by: KrbException: Identifier doesn't match expected value (906)
   at sun.security.krb5.internal.KDCRep.init(KDCRep.java:143)
   at sun.security.krb5.internal.TGSRep.init(TGSRep.java:66)
   at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:61)
   at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
   ... 18 more
20/12/16 09:23:47 ERROR ZooKeeperSaslClient: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Requested start time is later than end time (11) - Requested start time is later than end time)]) occurred when evaluating Zookeeper Quorum Member's  received SASL token. Zookeeper Client will go to AUTH_FAILED state.
20/12/16 09:23:47 ERROR ClientCnxn: SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Requested start time is later than end time (11) - Requested start time is later than end time)]) occurred when evaluating Zookeeper Quorum Member's  received SASL token. Zookeeper Client will go to AUTH_FAILED state.

在google之后,我才发现这个错误与kdc有关,err never never valid,客户机的时钟与kdc不同步。
但是集群中的所有机器都运行良好,并且偏差是正常的。
有人有过这样的经历吗?

hbaseapache-zookeeperkerberoskdcntp

暂无答案!

目前还没有任何答案,快来回答吧!

我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com