为kerberos配置storm

qf9go6mv  于 2021-06-21  发布在  Storm
关注(0)|答案(0)|浏览(196)

我正在尝试配置一个单节点storm集群来运行kerberos身份验证。每当我尝试使用以下curl:curl-i--negotiate-u:storm-b~/cookiejar.txt-c~/cookiejar.txt访问ui时http://hadoop-machine1:8080/api/v1/cluster/summary我有以下错误:http错误:403 gssexception:在gss api级别未指定失败(机制级别:加密类型aes256 cts mode with hmac sha1-96不可用)支持/启用)。
这是我的风暴配置:

ui.header.buffer.bytes: 65536
storm.zookeeper.servers:
  - "192.168.1.3"

storm.zookeeper.port: 2181
nimbus.host: "192.168.1.3"
java.library.path: "/usr/local/lib"
storm.local.dir: "/tmp/storm-data"
storm.messaging.transport: backtype.storm.messaging.netty.Context
supervisor.slots.ports:
  - 6700
  - 6701
  - 6702
  - 6703
  - 6704
  - 6705
  - 6706
  - 6707
ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter"
ui.filter.params:
    "type": "kerberos"
    "kerberos.principal": "HTTP/hadoop-machine1@HADOOP-MACHINE1"
    "kerberos.keytab": "/vagrant/keytabs/http.keytab"
    "kerberos.name.rules": "DEFAULT"

storm.thrift.transport : "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin"
storm.principal.tolocal: "backtype.storm.security.auth.KerberosPrincipalToLocal"
storm.zookeeper.superACL: "sasl:stormc"
java.security.auth.login.config: "/home/wouri/apache-storm-0.10.0/conf/jaas.conf"
nimbus.authorizer: "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer"
nimbus.admins:
  - "stormc"
nimbus.supervisor.users:
  - "stormc"

nimbus.childopts: "-Xmx1024m -Djava.security.auth.login.config=/home/wouri/apache-storm-0.10.0/conf/jaas.conf"
ui.childopts: "-Xmx768m -Djava.security.auth.login.config=/home/wouri/apache-storm-0.10.0/conf/jaas.conf"
supervisor.childopts: "-Xmx256m -Djava.security.auth.login.config=/home/wouri/apache-storm-0.10.0/conf/jaas.conf"

下面是我的kerberos config krb5.conf:

[libdefaults]
        default_realm = HADOOP-MACHINE1
        dns_lookup_realm = true
        dns_lookup_kdc = true

[realms]
    HADOOP-MACHINE1 = {
       kdc = hadoop-machine1
       admin_server = hadoop-machine1
       master_key_type = aes256-cts-hmac-sha1-96
       supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal
        }

[domain_realm]
.hadoop-machine1 = HADOOP-MACHINE1
 hadoop-machine1 = HADOOP-MACHINE1

下面是jaas.conf文件:

StormServer {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/home/wouri/apache-storm-0.10.0/conf/storm.keytab"
storeKey=true
useTicketCache=false
principal="stormc/hadoop-machine1@HADOOP-MACHINE1";
};

StormClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/home/wouri/apache-storm-0.10.0/conf/storm.keytab"
storeKey=true
useTicketCache=false
serviceName="stormc"
principal="stormc/hadoop-machine1@HADOOP-MACHINE1";
};

Server {
     com.sun.security.auth.module.Krb5LoginModule required
     useKeyTab=true
     keyTab="/usr/local/zookeeper/conf/zookeeper.keytab"
     storeKey=true
     useTicketCache=false
     serviceName="zookeeper"
     principal="zookeeper/hadoop-machine1@HADOOP-MACHINE1";
 };

请问,有没有我丢失的配置标志?

kerberosapache-stormjaas

暂无答案!

目前还没有任何答案,快来回答吧!

我来回答

相关问题

    查看更多

    热门标签

    更多
    JavaquerypythonNode开发语言requestUtil数据库Table后端算法LoggerMessageElementParser

    最新问答

    更多
    • 蜀ICP备2022004421号-2 NULL123 https://www.null123.com © All rights reserved
    • 本站内容来源互联网,如果侵犯您的权益请联系我们删除, 联系方式:448109455@qq.com