hive认证kerberos后hiveserver2连接失败
作者:互联网
beeline -u "jdbc:hive2://192.168.1.231:10000/;principal=hive/test01@PARA.COM"这是连接命令
报错:
(上面的命令报错是因为kerberos的域名为三部分,这边少写了一部分)
下边报错后在CM页面看到hive Metastore运行不良,就去看了眼日志
-----------------------------------------------------------------------------------
Metastore日志:
[main]: Metastore Thrift Server threw an exception... org.apache.thrift.transport.TTransportException: org.apache.hadoop.security.KerberosAuthException: failure to login: for principal: hive/test01@PARA.COM from keytab hive.keytab javax.security.auth.login.LoginException: Checksum failed at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server.<init>(HadoopThriftAuthBridge.java:327) ~[hive-exec-2.1.1-cdh6.3.2.jar:2.1.1-cdh6.3.2] at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge.createServer(HadoopThriftAuthBridge.java:101) ~[hive-exec-2.1.1-cdh6.3.2.jar:2.1.1-cdh6.3.2] at org.apache.hadoop.hive.metastore.HiveMetaStore.startMetaStore(HiveMetaStore.java:7291) ~[hive-exec-2.1.1-cdh6.3.2.jar:2.1.1-cdh6.3.2] at org.apache.hadoop.hive.metastore.HiveMetaStore.main(HiveMetaStore.java:7210) [hive-exec-2.1.1-cdh6.3.2.jar:2.1.1-cdh6.3.2] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at org.apache.hadoop.util.RunJar.run(RunJar.java:313) [hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.util.RunJar.main(RunJar.java:227) [hadoop-common-3.0.0-cdh6.3.2.jar:?] Caused by: org.apache.hadoop.security.KerberosAuthException: failure to login: for principal: hive/test01@PARA.COM from keytab hive.keytab javax.security.auth.login.LoginException: Checksum failed at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:1992) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1360) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1140) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server.<init>(HadoopThriftAuthBridge.java:322) ~[hive-exec-2.1.1-cdh6.3.2.jar:2.1.1-cdh6.3.2] ... 9 more Caused by: javax.security.auth.login.LoginException: Checksum failed at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:804) ~[?:1.8.0_181] at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_181] at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[?:1.8.0_181] at org.apache.hadoop.security.UserGroupInformation$HadoopLoginContext.login(UserGroupInformation.java:2070) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:1982) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1360) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1140) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server.<init>(HadoopThriftAuthBridge.java:322) ~[hive-exec-2.1.1-cdh6.3.2.jar:2.1.1-cdh6.3.2] ... 9 more Caused by: sun.security.krb5.KrbCryptoException: Checksum failed at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:102) ~[?:1.8.0_181] at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:94) ~[?:1.8.0_181] at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175) ~[?:1.8.0_181] at sun.security.krb5.KrbAsRep.decrypt(KrbAsRep.java:149) ~[?:1.8.0_181] at sun.security.krb5.KrbAsRep.decryptUsingKeyTab(KrbAsRep.java:121) ~[?:1.8.0_181] at sun.security.krb5.KrbAsReqBuilder.resolve(KrbAsReqBuilder.java:285) ~[?:1.8.0_181] at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361) ~[?:1.8.0_181] at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776) ~[?:1.8.0_181] at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_181] at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[?:1.8.0_181] at org.apache.hadoop.security.UserGroupInformation$HadoopLoginContext.login(UserGroupInformation.java:2070) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:1982) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1360) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1140) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server.<init>(HadoopThriftAuthBridge.java:322) ~[hive-exec-2.1.1-cdh6.3.2.jar:2.1.1-cdh6.3.2] ... 9 more Caused by: java.security.GeneralSecurityException: Checksum failed at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decryptCTS(AesDkCrypto.java:451) ~[?:1.8.0_181] at sun.security.krb5.internal.crypto.dk.AesDkCrypto.decrypt(AesDkCrypto.java:272) ~[?:1.8.0_181] at sun.security.krb5.internal.crypto.Aes256.decrypt(Aes256.java:76) ~[?:1.8.0_181] at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:100) ~[?:1.8.0_181] at sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType.decrypt(Aes256CtsHmacSha1EType.java:94) ~[?:1.8.0_181] at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:175) ~[?:1.8.0_181] at sun.security.krb5.KrbAsRep.decrypt(KrbAsRep.java:149) ~[?:1.8.0_181] at sun.security.krb5.KrbAsRep.decryptUsingKeyTab(KrbAsRep.java:121) ~[?:1.8.0_181] at sun.security.krb5.KrbAsReqBuilder.resolve(KrbAsReqBuilder.java:285) ~[?:1.8.0_181] at sun.security.krb5.KrbAsReqBuilder.action(KrbAsReqBuilder.java:361) ~[?:1.8.0_181] at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:776) ~[?:1.8.0_181] at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:1.8.0_181] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:1.8.0_181] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_181] at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) ~[?:1.8.0_181] at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[?:1.8.0_181] at javax.security.auth.login.LoginContext.login(LoginContext.java:587) ~[?:1.8.0_181] at org.apache.hadoop.security.UserGroupInformation$HadoopLoginContext.login(UserGroupInformation.java:2070) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.doSubjectLogin(UserGroupInformation.java:1982) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytabAndReturnUGI(UserGroupInformation.java:1360) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.security.UserGroupInformation.loginUserFromKeytab(UserGroupInformation.java:1140) ~[hadoop-common-3.0.0-cdh6.3.2.jar:?] at org.apache.hadoop.hive.thrift.HadoopThriftAuthBridge$Server.<init>(HadoopThriftAuthBridge.java:322) ~[hive-exec-2.1.1-cdh6.3.2.jar:2.1.1-cdh6.3.2] ... 9 more
---------------------------------------------------------------------------------------------------
大概可以看到是因为kerberos的票据问件出问题了 ,
参考启用Kerberos后CDH集群的HiveServer2频繁意外退出故障解决附带CDH更新Principal keytab过程_王若鱼的博客-CSDN博客
只要在CM页面中重新生成kerberos凭据后解决问题
(如果不成功的话可能还是因为.keytab文件的问题 ,在kadmin.locla命令行中重新生成)
标签:LoginContext,java,kerberos,1.8,hadoop,hive,hiveserver2,181,security 来源: https://blog.csdn.net/weixin_45392855/article/details/118722411