更新时间:2023-12-22 GMT+08:00

HBase用户认证失败

用户问题

HBase用户认证失败。

问题现象

客户侧HBase用户认证失败,报错信息如下:

2019-05-13 10:53:09,975 ERROR [localhost-startStop-1] xxxConfig.LoginUtil: login failed with hbaseuser and /usr/local/linoseyc/hbase-tomcat/webapps/bigdata_hbase/WEB-INF/classes/user.keytab.
2019-05-13 10:53:09,975 ERROR [localhost-startStop-1] xxxConfig.LoginUtil: perhaps cause 1 is (wrong password) keytab file and user not match, you can kinit -k -t keytab user in client server to check.
2019-05-13 10:53:09,975 ERROR [localhost-startStop-1] xxxConfig.LoginUtil: perhaps cause 2 is (clock skew) time of local server and remote server not match, please check ntp to remote server.
2019-05-13 10:53:09,975 ERROR [localhost-startStop-1] xxxConfig.LoginUtil: perhaps cause 3 is (aes256 not support) aes256 not support by default jdk/jre, need copy local_policy.jar and US_export_policy.jar from remote server in path ${BIGDATA_HOME}/jdk/jre/lib/security.

原因分析

用户使用的JDK中的jar包与MRS服务认证的jar包版本不一致。

处理步骤

  1. root用户登录集群Master1节点。
  2. 执行如下命令,查看MRS服务认证的jar包。

    ll /opt/share/local_policy/local_policy.jar

    ll /opt/Bigdata/jdk{version}/jre/lib/security/local_policy.jar

  3. 将步骤2中的jar包下载到本地。
  4. 将下载的jar包替换到本地JDK目录/opt/Bigdata/jdk/jre/lib/security。
  5. 执行cd 客户端安装目录/HBase/hbase/bin命令,进入到HBase的bin目录。
  6. 执行sh start-hbase.sh命令,重启HBase组件。