PCF Spring Boot webhdfs Kerberos authentication: KDC has no support for encryption type (14) - BAD_ENCRYPTION_TYPE

We are trying to connect to a webhdfs URL in a microservice using the example given here: https://www.ibm.com/support/knowledgecenter/en/SSPT3X_3.0.0/com.ibm.swg.im.infosphere.biginsights.admin.doc/doc/kerberos_httpfs.html

I created a conf file for the same and saved it in the resources location:

    [libdefaults]
     allow_weak_crypto = true
     default_realm = CLOUD.CORP.XXXXXX.XXX
     # kdc will be obtained through DNS SRV
     dns_lookup_kdc = true
     dns_lookup_realm = true
     forwardable = true
     default_tkt_enctypes = aes256-cts aes128-cts
     default_etypes = aes256-cts aes128-cts
     default_tgs_enctypes = aes256-cts aes128-cts
     permitted_enctypes = aes256-cts aes128-cts
     ticket_lifetime = 24h
     rdns = true
    [realms]
    CLOUD.CORP.XXXXXX.XXX = {
     kdc = abc-dv-def0.cloud.corp.XXXXXX.XXX:88
     master_kdc = abc-dv-def0.cloud.corp.XXXXXX.XXX:88
    }
    [domain_realm]
     .cloud.corp.XXXXXX.XXX = CLOUD.CORP.XXXXXX.XXX
     cloud.corp.XXXXXX.XXX = CLOUD.CORP.XXXXXX.XXX
     abc-dv-def0.cloud.corp.XXXXXX.XXX = CLOUD.CORP.XXXXXX.XXX

The Java code snippet looks like this:

    Configuration conf = new Configuration();
    conf.set("hadoop.security.authentication", "kerberos");
    conf.set("hadoop.home.dir", "/");
    UserGroupInformation.setConfiguration(conf);
    System.out.println("--------------loginWithKeytab--------");
    UserGroupInformation loginUser = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytabUrl);
    UserGroupInformation.setLoginUser(loginUser);

    String user = UserGroupInformation.getCurrentUser().getUserName();
    System.out.println("Starting the connection for User:::"+user);

    try {
        System.out.println("Starting the connection::"+UserGroupInformation.getLoginUser());


        URL url = new URL("http://lb-abcdef-dv-abc.cloud.corp.xxxxxxx.xxx:14000/webhdfs/v1/user/xxx-xxxxx/xxxxx/data.txt?op=OPEN");
        HttpURLConnection connection = UserGroupInformation.getLoginUser()
                .doAs(new PrivilegedExceptionAction<HttpURLConnection>() {
                    public HttpURLConnection run() throws Exception {
                        AuthenticatedURL.Token token = new AuthenticatedURL.Token();
                        return new AuthenticatedURL().openConnection(url,token);
                    }
                });
        connection.setRequestMethod("POST");
        connection.setDoInput(true);
        connection.setDoOutput(true);
        System.out.println("Connection Established:::"+connection.getResponseCode());
        System.out.println("Connection Established:::"+connection.getResponseMessage());
        InputStream in = connection.getInputStream();
        int ch;
        while((ch=in.read())!=-1)
        {
            System.out.println("File received...");
            System.out.println((char)ch);
        }
    } catch (InterruptedException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

I created my own buildpack for deploying to PCF and added local_policy.jar for unlimited strength (JCE) so that it is overlaid when unpacked in PCF (https://www.ibm.com/support/knowledgecenter/en/SSPT3X_3.0.0/com.ibm.swg.im.infosphere.biginsights.admin.doc/doc/kerberos_httpfs.html).

However, I keep getting the same error:

    2018-08-13T12:32:27.660+05:30 [APP/PROC/WEB/0] [OUT] Starting the connection for User:::xxx-xxxxx@CLOUD.CORP.XXXXXX.XXX : **After the Auth , I print the Current user Using UserGroupInformation**
    2018-08-13T12:32:27.660+05:30 [APP/PROC/WEB/0] [OUT] Starting the connection::xxx-xxxxx@CLOUD.CORP.XXXXXX.XXX (auth:KERBEROS) : **After the Auth , I print the Current user Using UserGroupInformation**

    2018-08-13T12:32:27.745+05:30 [APP/PROC/WEB/0] [OUT] Found ticket for xxx-xxxxx@CLOUD.CORP.XXXXXX.XXX to go to krbtgt/CLOUD.CORP.XXXXXX.XXX@CLOUD.CORP.XXXXXX.XXX expiring on Tue Aug 14 07:02:27 UTC 2018 : Ticket is created with 1 day expiry
    2018-08-13T12:32:27.746+05:30 [APP/PROC/WEB/0] [OUT] Entered Krb5Context.initSecContext with state=STATE_NEW
    2018-08-13T12:32:27.747+05:30 [APP/PROC/WEB/0] [OUT] Service ticket not found in the subject : **Does this mean that the Ticket is not passed to the URL ?**
    2018-08-13T12:32:27.747+05:30 [APP/PROC/WEB/0] [OUT] >>> Credentials acquireServiceCreds: same realm
    2018-08-13T12:32:27.747+05:30 [APP/PROC/WEB/0] [OUT] default etypes for default_tgs_enctypes: 18 17.
    2018-08-13T12:32:27.748+05:30 [APP/PROC/WEB/0] [OUT] >>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
    2018-08-13T12:32:27.749+05:30 [APP/PROC/WEB/0] [OUT] >>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
    2018-08-13T12:32:27.750+05:30 [APP/PROC/WEB/0] [OUT] >>> KrbKdcReq send: kdc=dhb2b-dv-kdsc0.cloud.corp.XXXXXX.XXX UDP:88, timeout=30000, number of retries =3, #bytes=735
    2018-08-13T12:32:27.750+05:30 [APP/PROC/WEB/0] [OUT] >>> KDCXXXmunication: kdc=dhb2b-dv-kdsc0.cloud.corp.XXXXXX.XXX UDP:88, timeout=30000,Attempt =1, #bytes=735
    2018-08-13T12:32:27.770+05:30 [APP/PROC/WEB/0] [OUT] >>> KrbKdcReq send: #bytes read=231
    2018-08-13T12:32:27.770+05:30 [APP/PROC/WEB/0] [OUT] >>> KdcAccessibility: remove dhb2b-dv-kdsc0.cloud.corp.XXXXXX.XXX:88
    2018-08-13T12:32:27.771+05:30 [APP/PROC/WEB/0] [OUT] >>> KDCRep: init() encoding tag is 126 req type is 13
    2018-08-13T12:32:27.771+05:30 [APP/PROC/WEB/0] [OUT] >>>KRBError:
    2018-08-13T12:32:27.771+05:30 [APP/PROC/WEB/0] [OUT] cTime is Tue Jan 15 14:05:46 UTC 1985 474645946000
    2018-08-13T12:32:27.771+05:30 [APP/PROC/WEB/0] [OUT] sTime is Mon Aug 13 07:02:27 UTC 2018 1534143747000
    2018-08-13T12:32:27.771+05:30 [APP/PROC/WEB/0] [OUT] suSec is 764299
    2018-08-13T12:32:27.771+05:30 [APP/PROC/WEB/0] [OUT] error code is 14
    2018-08-13T12:32:27.771+05:30 [APP/PROC/WEB/0] [OUT] error Message is KDC has no support for encryption type
    2018-08-13T12:32:27.771+05:30 [APP/PROC/WEB/0] [OUT] cname is xxx-xxxxx@CLOUD.CORP.XXXXXX.XXX
    2018-08-13T12:32:27.771+05:30 [APP/PROC/WEB/0] [OUT] sname is HTTP/lb-abcdef-dv-abc.cloud.corp.XXXXXX.XXX@CLOUD.CORP.XXXXXX.XXX
    2018-08-13T12:32:27.771+05:30 [APP/PROC/WEB/0] [OUT] msgType is 30
    2018-08-13T12:32:27.772+05:30 [APP/PROC/WEB/0] [ERR] KrbException: KDC has no support for encryption type (14) - BAD_ENCRYPTION_TYPE

I also tried adding rc4-hmac, but I still get the same error. Any help is much appreciated.

asked 13 August 2018 at 15:50
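
A triage helper for the JDK Kerberos debug output shown in the question, added here as an example and not part of the original post. It pulls out which encryption types the client offered in the TGS request and which service principal the KDC rejected with error 14 (KDC_ERR_ETYPE_NOSUPP). The function names and the sample log (constructed, with placeholder host and realm) are assumptions of this example.

```python
import re

# Kerberos encryption type numbers (RFC 3961 / 3962 / 4757).
ETYPES = {1: "des-cbc-crc", 3: "des-cbc-md5", 16: "des3-cbc-sha1",
          17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96",
          23: "rc4-hmac"}

# Constructed sample in the same format as the log in the question.
SAMPLE_LOG = """\
[OUT] default etypes for default_tgs_enctypes: 18 17.
[OUT] >>> KDCRep: init() encoding tag is 126 req type is 13
[OUT] >>>KRBError:
[OUT] error code is 14
[OUT] sname is HTTP/lb.example.test@EXAMPLE.TEST
[OUT] msgType is 30
"""

def triage(log_text):
    """Return (etypes offered per krb5.conf setting, list of KRBError blocks)."""
    requested, errors, current = {}, [], None
    for line in log_text.splitlines():
        m = re.search(r"default etypes for (\w+): ([\d ]+)", line)
        if m:
            requested[m.group(1)] = [int(n) for n in m.group(2).split()]
        elif "KRBError:" in line:
            current = {}              # start collecting fields of this error
            errors.append(current)
        elif ">>>" in line:
            current = None            # any other debug marker ends the block
        elif current is not None:
            m = re.search(r"\b(error code|sname|cname|msgType) is (\S+)", line)
            if m:
                current[m.group(1)] = m.group(2)
    return requested, errors

def report(log_text):
    """One finding per KRBError whose code is 14 (KDC_ERR_ETYPE_NOSUPP)."""
    requested, errors = triage(log_text)
    offered = requested.get("default_tgs_enctypes", [])
    names = [ETYPES.get(n, f"etype-{n}") for n in offered]
    return [f"TGS request for {e.get('sname')} offered {names}; "
            "KDC reported no supported etype"
            for e in errors if e.get("error code") == "14"]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```

The etypes it lists are the ones to compare against the key types the KDC holds for the reported service principal.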

0 answers
