Kerberos | Cloudera | KrbException：使用HMAC SHA1-96加密类型AES256 CTS模式

本文介绍了Kerberos | Cloudera | KrbException：使用HMAC SHA1-96加密类型AES256 CTS模式的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！问题描述 29岁程序员，3月因学历无情被辞！我一直在尝试为使用Cloudera Manager安装程序设置的CDH 4.5安装Kerberos。I have been trying to setup Kerberos for CDH 4.5 which was setup using the Cloudera Manager Installer.这些说明来自以下链接： http://www.cloudera.com/content/cloudera-content/cloudera-docs/CM4Ent/4.5.2/Configuring-Hadoop-Security-with-Cloudera-Manager/cmeechs_topic_4.htmlThe instructions are from the following link:http://www.cloudera.com/content/cloudera-content/cloudera-docs/CM4Ent/4.5.2/Configuring-Hadoop-Security-with-Cloudera-Manager/cmeechs_topic_4.html设置KDC后，我将JCE策略的Java 6文件复制到以下位置： /usr/java/jdk1.6.0_31/lib/security/After setting up and KDC I copied the JCE policy for Java 6 files to the following location:/usr/java/jdk1.6.0_31/lib/security/以下是我的/var/kerberos/krb5kdc/kdc.conf文件：Following is my "/var/kerberos/krb5kdc/kdc.conf" file:[kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88[realms] MYREALM.COM = { master_key_type = aes256-cts acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal }以下是我的/ etc / krb5.conf文件：Following is my "/etc/krb5.conf" file:[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log[libdefaults] default_realm = MYREALM.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true[realms] MYREALM.COM = { kdc = node1.hcluster admin_server = node1.hcluster }[domain_realm] .hcluster = MYREALM.COM hcluster = MYREALM.COM该文件存在于所有节点中。This file is present in all the nodes.然而，按照指示完成所有步骤后服务无法相互通信。以下是来自namenode日志的例外：However after following all the steps from the instructions all services fail to communicate with each other.Following is the exception from the namenode logs:2014-02-05 11:42:35,072 INFO org.apache.hadoop.ipc.Server: IPC Server listener on 8022: readAndProcess threw exception javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)] from client 10.1.3.104. Count of bytes read: 0javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled)] at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:159) at org.apache.hadoop.ipc.Server$Connection.saslReadAndProcess(Server.java:1250) at org.apache.hadoop.ipc.Server$Connection.readAndProcess(Server.java:1456) at org.apache.hadoop.ipc.Server$Listener.doRead(Server.java:759) at org.apache.hadoop.ipc.Server$Listener$Reader.doRunLoop(Server.java:557) at org.apache.hadoop.ipc.Server$Listener$Reader.run(Server.java:532)Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323) at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267) at com.sun.security.sasl.gsskerb.GssKrb5Server.evaluateResponse(GssKrb5Server.java:137) ... 5 moreCaused by: KrbException: Encryption type AES256 CTS mode with HMAC SHA1-96 is not supported/enabled at sun.security.krb5.EncryptionKey.findKey(EncryptionKey.java:481) at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:260) at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134) at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79) at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724) ... 8 more任何帮助真的很感谢。推荐答案我w能够从Cloudera得到一些帮助，并发现错误在JCE策略罐的位置。I was able to get some help from Cloudera and figured out that the mistake was in the location for the JCE policy jars.正确的位置是： / usr / java / jdk1.6.0_31 / jre / lib / security /. 这篇关于Kerberos | Cloudera | KrbException：使用HMAC SHA1-96加密类型AES256 CTS模式的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！上岸，阿里云！