I'm trying to login to ZK using kerberos, and then perform some operations. However, the following doesn't work:
2016-02-19 16:31:32,572 [myid:] - INFO [Thread-1:Login@397] -Initiating re-login for <me/hostname@EXAMPLE.COM>
2016-02-19 16:31:32,588 [myid:] - INFO [Thread-1:Login@301] - TGT valid starting at: Fri Feb 19 16:31:32 PST 2016
2016-02-19 16:31:32,588 [myid:] - INFO [Thread-1:Login@302] - TGT expires: Fri Feb 19 16:46:32 PST 2016
2016-02-19 16:31:32,588 [myid:] - INFO [Thread-1:Login$1@181] - TGT refresh sleeping until: Fri Feb 19 16:43:50 PST 2016
[zk: hostname(CONNECTED) 11]
[zk: hostname(CONNECTED) 11] getAcl /zk-test
'sasl,'me/hostname@EXAMPLE.COM@: cdrwa
[zk: hostname(CONNECTED) 12] ls /zk-test
Authentication is not valid : /zk-testEven though I've already logged in using the principal me/hostname@EXAMPLE.COM , and the ACL for /zk-test is sasl:me/hostname@EXAMPLE.COM:cdrwa , I still cannot do simple stuff like ls /zk-test . Anyone know why? Thanks.
3条答案
按热度按时间yebdmbv41#
I wasted an hour of my life on this (thanks to poor documentation of zookeeper - everything is scattered), I want to make sure no one else does, thankfully someone who knows everything at our workplace helped me out ;)
Do this before you start zkCli -server blahblah:2181
make sure you have jaas conf in tmp folder - I used something like this -
it will work now.
fhg3lkii2#
jaas.conf file is needed:
Set environment variables for you current session:
export JVMFLAGS="-Djava.security.auth.login.config=/home/myUser/jaas.conf"Finally connect to server:
zookeeper-client -server myServerIpI've written a blog pos t about this as a note to self that should be a bit more complete.
luaexgnf3#
another way to start yarn is to change yarn config:
change the path to a new location ,so that zk auth error can be avoid.
FIY: https://hadoop.apache.org/docs/r2.6.0/hadoop-yarn/hadoop-yarn-common/yarn-default.xml