Kerberos:检查总和失败的问题 [英] Kerberos: check sum failed issue

查看:415
本文介绍了Kerberos:检查总和失败的问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我看到KrbException:Checksum failed异常。
看起来像kerberos问题,但我无法弄清楚。



有关如何解决的任何指示将非常棒!
提前致谢

机器详情:

lsb_release -a



没有LSB模块可用。
经销商ID:Ubuntu
描述:Ubuntu 12.04.4 LTS
发布:12.04



java -version



Java版本1.7.0_55
OpenJDK运行环境(IcedTea 2.4.7)(7u55-2.4.7-1ubuntu1〜0.12.04.2)
OpenJDK 64位Server VM(build 24.51-b03,mixed mode)

pre $ < -thread-198]:server.TThreadPoolServer(TThreadPoolServer.java:run(215)) - 处理消息期间发生错误。
java.lang.RuntimeException:org.apache.thrift.transport.TTransportException:GSS启动失败
at org.apache.thrift.transport.TSaslServerTransport $ Factory.getTransport(TSaslServerTransport.java:219)
。在org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S $服务器$ TUGIAssumingTransportFactory $ 1.run(HadoopThriftAuthBridge20S.java:676)
在org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S $服务器$ TUGIAssumingTransportFactory $ 1运行(HadoopThriftAuthBridge20S.java:673)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1574)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S $ Server $ TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge20S.java:673)
在org.apache.thrift.server.TThreadPoolServer $ WorkerProcess.run(TThr $ java.util.concurrent.ThreadPoolExecutor.runWorker
(ThreadPoolExecutor.java:1145)$ java.util.concurrent.ThreadPoolExecutor
$ Worker.run(ThreadPoolExecutor.java:615)
在java.lang.Thread.run(Thread.java:744)
引起:org.apache.thrift.transport.TTransportException:GSS在org.apache.thrift处启动失败
。 transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:221)
处org.apache.thrift.transport.TSaslServerTransport org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:297)
。打开(TSaslServerTransport.java:41)
at org.apache.thrift.transport.TSaslServerTransport $ Factory.getTransport(TSaslServerTransport.java:216)
... 10 more
2014-06- 17 22:19:25,481错误[pool-6-thread-198]:transport.TSaslTransport(TSaslTransport.java:open(296)) - SASL协商失败
javax.security.sasl.SaslException:GSS启动失败[由...引起GSSException:在GSS-API级别未指定失败(机制级别:Checksum失败)]
at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:177)
at org.apache .thrift.transport.TSaslTransport $ SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:509)
在org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:264)
在org.apache.thrift .transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
在org.apache.thrift.transport.TSaslServerTransport $ Factory.getTransport(TSaslServerTransport.java:216)
在org.apache.hadoop.hive .hrift.HadoopThriftAuthBridge20S $ Server $ TUGIAssumingTransportFactory $ 1.run(HadoopThriftAuthBridge20S.java:676)
at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S $ Server $ TUGIAssumingTransportFactory $ 1.run(HadoopThriftAuthBridge20S.java:673)
在java.security.AccessController.doPrivileged(本地方法)
at javax.security.auth.Subject.doAs(Subject.java:356)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1574)
at org.apache .hadoop.hive.thrift.HadoopThriftAuthBridge20S $ Server $ TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge20S.java:673)
at org.apache.thrift.server.TThreadPoolServer $ WorkerProcess.run(TThreadPoolServer.java:189)
在java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
在java.util.concurrent.ThreadPoolExecutor $ Worker.run(ThreadPoolExecutor.java:615)$ b $在java.lang.Thread .run(Thread.java:744)
导致:GSSException:在GSS-API级别未指定的失败(机制级别:Checksum失败)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context .java:788)
at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
at sun.security.jgss.GSSContex tImpl.acceptSecContext(GSSContextImpl.java:285)
at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:155)
... 14 more
引起:KrbException:校验和失败
at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:96)
at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType .java:88)
at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:177)
at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
。在sun.security.krb5.KrbApReq<初始化>(KrbApReq.java:144)
。在sun.security.jgss.krb5.InitSecContextToken<初始化>(InitSecContextToken.java:108)
at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)
... 17 more
导致:java.security.GeneralSecurityException:Checksum失败
在太阳.security.krb5.i nternal.crypto.dk.DkCrypto.decrypt(DkCrypto.java:362)
at sun.security.krb5.internal.crypto.Des3.decrypt(Des3.java:79)
at sun.security。 krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:94)
... 23 more
2014-06-17 22:19:25,482错误[pool-6-thread-198]: server.TThreadPoolServer(TThreadPoolServer.java:run(215)) - 处理消息期间发生错误。
java.lang.RuntimeException:org.apache.thrift.transport.TTransportException:GSS启动失败
at org.apache.thrift.transport.TSaslServerTransport $ Factory.getTransport(TSaslServerTransport.java:219)
。在org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S $服务器$ TUGIAssumingTransportFactory $ 1.run(HadoopThriftAuthBridge20S.java:676)
在org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S $服务器$ TUGIAssumingTransportFactory $ 1运行(HadoopThriftAuthBridge20S.java:673)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:356)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1574)
在org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S $服务器$ TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge20S.java:673)
在org.apache.thrift.server.TThreadPoolServer $ WorkerProcess.run(TThr $ java.util.concurrent.ThreadPoolExecutor.runWorker
(ThreadPoolExecutor.java:1145)$ java.util.concurrent.ThreadPoolExecutor
$ Worker.run(ThreadPoolExecutor.java:615)
在java.lang.Thread.run(Thread.java:744)
引起:org.apache.thrift.transport.TTransportException:GSS在org.apache.thrift处启动失败
。 transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:221)
处org.apache.thrift.transport.TSaslServerTransport org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:297)
。打开(TSaslServerTransport.java:41)
at org.apache.thrift.transport.TSaslServerTransport $ Factory.getTransport(TSaslServerTransport.java:216)
... 10 more


解决方案

我在使用Kerberos部署Hadoop安全模式时遇到此问题,同样的原因:地址没有设置FQDN(完全限定的域名)。
$ b

假设机器的主机名是 ts01.test.com



错误的例子: 

 < property> 
< name> dfs.namenode.rpc-address.hdfs1< / name> 
<值> 192.168.1.101:8020< /值> 
< / property>





错误的例子:

 <属性> 
< name> dfs.namenode.rpc-address.hdfs1< / name> 
<值> ts01:8020< /值> 
< / property>





正确的示例:

 <属性> 
< name> dfs.namenode.rpc-address.hdfs1< / name> 
<值> ts01.test.com:8020< /值> 
< / property>





您应该保留所有地址在FQDN中,不只是 dfs.namenode.rpc-address


I am seeing the" KrbException: Checksum failed" Exception. Looks like kerberos issue but I am not able to figure out.

Any pointers on how to resolve will be great! Thanks in advance.

Machine details:

lsb_release -a

No LSB modules are available. Distributor ID: Ubuntu Description: Ubuntu 12.04.4 LTS Release: 12.04

java -version

java version "1.7.0_55" OpenJDK Runtime Environment (IcedTea 2.4.7) (7u55-2.4.7-1ubuntu1~0.12.04.2) OpenJDK 64-Bit Server VM (build 24.51-b03, mixed mode)

2014-06-17 22:19:24,475 ERROR [pool-6-thread-198]: server.TThreadPoolServer (TThreadPoolServer.java:run(215)) - Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: GSS initiate failed
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge20S.java:676)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge20S.java:673)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:356)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1574)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge20S.java:673)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:189)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.thrift.transport.TTransportException: GSS initiate failed
        at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:221)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:297)
        at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        ... 10 more
2014-06-17 22:19:25,481 ERROR [pool-6-thread-198]: transport.TSaslTransport (TSaslTransport.java:open(296)) - SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)]
        at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:177)
        at org.apache.thrift.transport.TSaslTransport$SaslParticipant.evaluateChallengeOrResponse(TSaslTransport.java:509)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:264)
        at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge20S.java:676)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge20S.java:673)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:356)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1574)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge20S.java:673)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:189)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:744)
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:788)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
        at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:155)
        ... 14 more
Caused by: KrbException: Checksum failed
        at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:96)
        at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:88)
        at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:177)
        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:278)
        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
        at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:771)
        ... 17 more
Caused by: java.security.GeneralSecurityException: Checksum failed
        at sun.security.krb5.internal.crypto.dk.DkCrypto.decrypt(DkCrypto.java:362)
        at sun.security.krb5.internal.crypto.Des3.decrypt(Des3.java:79)
        at sun.security.krb5.internal.crypto.Des3CbcHmacSha1KdEType.decrypt(Des3CbcHmacSha1KdEType.java:94)
        ... 23 more
2014-06-17 22:19:25,482 ERROR [pool-6-thread-198]: server.TThreadPoolServer (TThreadPoolServer.java:run(215)) - Error occurred during processing of message.
java.lang.RuntimeException: org.apache.thrift.transport.TTransportException: GSS initiate failed
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:219)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge20S.java:676)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory$1.run(HadoopThriftAuthBridge20S.java:673)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:356)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1574)
        at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge20S$Server$TUGIAssumingTransportFactory.getTransport(HadoopThriftAuthBridge20S.java:673)
        at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:189)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.thrift.transport.TTransportException: GSS initiate failed
        at org.apache.thrift.transport.TSaslTransport.sendAndThrowMessage(TSaslTransport.java:221)
        at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:297)
        at org.apache.thrift.transport.TSaslServerTransport.open(TSaslServerTransport.java:41)
        at org.apache.thrift.transport.TSaslServerTransport$Factory.getTransport(TSaslServerTransport.java:216)
        ... 10 more

解决方案

I meet this problem server times when I deploy Hadoop Secure Mode with Kerberos, they are caused by the same reason: addresses are not set in FQDN (fully qualified domain name).

Suppose the machine's hostname is ts01.test.com

Wrong example:

<property>
    <name>dfs.namenode.rpc-address.hdfs1</name>
    <value>192.168.1.101:8020</value>
</property>

Wrong example:

<property>
    <name>dfs.namenode.rpc-address.hdfs1</name>
    <value>ts01:8020</value>
</property>

Right example:

<property>
    <name>dfs.namenode.rpc-address.hdfs1</name>
    <value>ts01.test.com:8020</value>
</property>

You should keep all your address is in FQDN, not just dfs.namenode.rpc-address.

这篇关于Kerberos:检查总和失败的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
Java开发最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆