文档首页 > > 开发指南> Presto应用开发> FAQ> 在集群外节点连接开启Kerberos认证的集群,HTTP在Kerberos数据库中无法找到相应的记录

在集群外节点连接开启Kerberos认证的集群,HTTP在Kerberos数据库中无法找到相应的记录

分享
更新时间: 2020/06/19 GMT+08:00

问题

presto-examples-1.0-SNAPSHOT-jar-with-dependencies.jar在集群内节点运行时正常,但在集群外节点运行PrestoJDBCExample连接开启Kerberos的集群时出现以下两种报错。

报错1:

java.sql.SQLException:
Kerberos error for [HTTP@10.33.11.138]: No valid credentials provided
(Mechanism level: No valid credentials provided (Mechanism level: Server not
found in Kerberos database (7) - UNKNOWN_SERVER))
at
io.prestosql.jdbc.PrestoStatement.internalExecute(PrestoStatement.java:281)
at
io.prestosql.jdbc.PrestoStatement.execute(PrestoStatement.java:229)
at
io.prestosql.jdbc.PrestoStatement.executeQuery(PrestoStatement.java:78)
at PrestoJDBCExample.main(PrestoJDBCExample.java:68)
Caused by:
io.prestosql.jdbc.$internal.client.ClientException: Kerberos error for
[HTTP@10.33.11.138]: No valid credentials provided (Mechanism level: No valid
credentials provided (Mechanism level: Server not found in Kerberos database
(7) - UNKNOWN_SERVER))
at
io.prestosql.jdbc.$internal.client.SpnegoHandler.generateToken(SpnegoHandler.java:174)
at
io.prestosql.jdbc.$internal.client.SpnegoHandler.authenticate(SpnegoHandler.java:140)
at
io.prestosql.jdbc.$internal.client.SpnegoHandler.authenticate(SpnegoHandler.java:128)
at
io.prestosql.jdbc.$internal.okhttp3.internal.http.RetryAndFollowUpInterceptor.followUpRequest(RetryAndFollowUpInterceptor.java:289)
at
io.prestosql.jdbc.$internal.okhttp3.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:157)
at
io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at
io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at
io.prestosql.jdbc.$internal.client.SpnegoHandler.intercept(SpnegoHandler.java:115)
at
io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at
io.prestosql.jdbc.$internal.client.OkHttpUtil.lambda$userAgent$0(OkHttpUtil.java:64)
at
io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
at
io.prestosql.jdbc.$internal.okhttp3.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
at
io.prestosql.jdbc.$internal.okhttp3.RealCall.getResponseWithInterceptorChain(RealCall.java:200)
at
io.prestosql.jdbc.$internal.okhttp3.RealCall.execute(RealCall.java:77)
at
io.prestosql.jdbc.$internal.client.JsonResponse.execute(JsonResponse.java:131)
at
io.prestosql.jdbc.$internal.client.StatementClientV1.<init>(StatementClientV1.java:132)
at
io.prestosql.jdbc.$internal.client.StatementClientFactory.newStatementClient(StatementClientFactory.java:24)
at
io.prestosql.jdbc.QueryExecutor.startQuery(QueryExecutor.java:46)
at io.prestosql.jdbc.PrestoConnection.startQuery(PrestoConnection.java:714)
at
io.prestosql.jdbc.PrestoStatement.internalExecute(PrestoStatement.java:241)
... 3 more
Caused by: GSSException:
No valid credentials provided (Mechanism level: No valid credentials provided
(Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER))
at
sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:454)
at
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at
io.prestosql.jdbc.$internal.client.SpnegoHandler.generateToken(SpnegoHandler.java:167)
... 23 more
Caused by: GSSException:
No valid credentials provided (Mechanism level: Server not found in Kerberos database
(7) - UNKNOWN_SERVER)
at
sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:772)
at
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at
sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at
sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:882)
at
sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:317)
... 26 more
Caused by: KrbException:
Server not found in Kerberos database (7) - UNKNOWN_SERVER
at
sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
at
sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
at
sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
at
sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
at
sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
at
sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:466)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:695)
... 30 more
Caused by: KrbException:
Identifier doesn't match expected value (906)
at
sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at
sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
at
sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
at
sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
... 36 more

报错2:

java.sql.SQLException:
Authentication failed: Authentication failed for token:
YIIC1wYGKwYBBQUCoIICyzCCAsegDTALBgkqhkiG9xIBAgKhBAMCAXaiggKuBIICqmCCAqYGg0MjBfNzI0Q180QUFCX0FBOEJfNzIwN0E3OEUwOEU1LkNPTaIfMB2gAwIBAKEWMBQbBEhUVFAbDDE5Mi4xNjguMC45MaOCASYwggEioAMCARKhAwIBAaKCARQEggEQpYLaTplwpMc0EjXgU/+bAn9Evk1UHysyhTPajzFpHtxzTAZCPm85ROufJ+cLlIoGEcp2JBH9Le8bSL2Y1cE0mdK2MIw2+S7J9G0mZKQYugMUXoIqS14XbnA8tvngPEXFa6e15lnqEUoRNb4yHt7Rr/zRvsPbWKCU4HQNkBtI8HSKAid2K2JpTuVvXkOQpa+kgfMwgfCgAwIBEqKB6ASB5U3I4qvcqbfPhy+0o97agfW9xBfeuZUjfKUUQC165Z8nbY7RJmM+3v6mrqsYRcGG2Agepd9F+neeL7Ljcf7ASzfSb4otvPDTWsvo7/TS097xdi+ixkyjDP4EDfbwXaYwASU9zXZZ75FJoO+lY3DLsyX68rgwSJioIIjK4jDRqVVoXTNRbeWipkIOoLsXHf9q+qUBQvbd3xhUIkPkng6pOCRV9gr6E=
        at
com.facebook.presto.jdbc.PrestoStatement.internalExecute(PrestoStatement.java:271)
        at
com.facebook.presto.jdbc.PrestoStatement.execute(PrestoStatement.java:227)
        at
com.facebook.presto.jdbc.PrestoStatement.executeQuery(PrestoStatement.java:76)
        at
PrestoJDBCExample.main(PrestoJDBCExample.java:65)
Caused by:
com.facebook.presto.jdbc.internal.client.ClientException: Authentication failed:
Authentication failed for token:
YIIC1wYGKwYBBQUCoIICyzCCAsogcDBQAgAAAAo4IBhGGCAYAwggF8oAMCAQWhKhsoNDI1Nzg0MjBfNzI0Q180QUFCX0FBOEJfNzIwN0E3OEUwOEU1LkNPTaIfMB2gAwIBAKEWMBQbBEhUVFAbDDE5Mi4xNjguMC45MaOCASYwggEioAMtRrGdWOQlMggfUPbendaKESx1QtuEpJuoGtyPJ9QzKI4rbk1UHysyhTPajzFpHtxzTAZCPm85ROufJ+cLlIoGEcp2JBH9Le8bSL2Y1cE0mdK2MIw2+S7J9G0mZKQYugMUXoIqS14XbnA8tvngPEXFa6xEICV2sE02w1fNdOMilfeqZffUMfNBSanRkHQFW1xlyb3EK2JpTuVvXkOQpa+kgfMwgfCgAwIBEqKB6ASB5U3I4qvcqbfPhy+0o97agfW9xBfeuZUjfKUUQC165Z8nbY7RJmM+3v6mrqsYRcGG2AgepV2NKDSySvpgzPEfGspJPkVeBbi5YJSVL3G/fOFNkpLDjDpjDP4EDfbwXaYwASU9zXZZ75FJoO+lY3DLsyX68rgwSJioIIjK4jDRqVVoXTNRbeWipkIOoLsXHf9q+qUBQvbd3xhUIkPkng6pOCRV9gr6
        at
com.facebook.presto.jdbc.internal.client.StatementClientV1.requestFailedException(StatementClientV1.java:432)
        at
com.facebook.presto.jdbc.internal.client.StatementClientV1.<init>(StatementClientV1.java:132)
        at
com.facebook.presto.jdbc.internal.client.StatementClientFactory.newStatementClient(StatementClientFactory.java:24)
        at
com.facebook.presto.jdbc.QueryExecutor.startQuery(QueryExecutor.java:46)
        at
com.facebook.presto.jdbc.PrestoConnection.startQuery(PrestoConnection.java:683)
        at
com.facebook.presto.jdbc.PrestoStatement.internalExecute(PrestoStatement.java:239)
        ... 3 more

回答

客户端拼接出的HTTP的principal与Kerberos数据库中的不一致(报错1)或获取的token无法链接Presto。

在集群上执行cat /etc/hosts,将Presto coordinator的IP和hostname加入当前节点的/etc/hosts中。

分享:

    相关文档

    相关产品

文档是否有解决您的问题?

提交成功!

非常感谢您的反馈,我们会继续努力做到更好!

反馈提交失败,请稍后再试!

*必选

请至少选择或填写一项反馈信息

字符长度不能超过200

提交反馈 取消

如您有其它疑问,您也可以通过华为云社区问答频道来与我们联系探讨

智能客服提问云社区提问