hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daryn Sharp <da...@yahoo-inc.com>
Subject Re: How to connect to hadoop through ssh tunnel and kerberos authentication
Date Thu, 25 Apr 2013 19:34:28 GMT
The important part of the error is "Cannot get kdc for realm CORP.EBAY.COM<http://CORP.EBAY.COM>".
 Check if the gateway's /etc/krb5.conf has an entry for CORP.EBAY.COM<http://CORP.EBAY.COM>
in the [realms] section.  Or if you actually have appropriate dns service records for kerberos,
you can use "dns_lookup_kdc = true".

Daryn

On Apr 25, 2013, at 12:36 AM, Jeff Zhang wrote:

Hi all,



I could connect to hadoop cluster by ssh tunnel before when there's no kerberos authentication.
Now our cluster need to upgrade to kerberos authentication. I try to connect to it by ssh
tunnel again. But failed.

Could anyone guide me to do that ? Is there any tutorial for this ?

Here's what I did.

  1.  create a forwardable ticket in my client machine.
  2.  edit ~/.ssh/config file

GSSAPIAuthentication yes

GSSAPIDelegateCredentials yes

  3.  execute command "ssh -N -D 3600 gateway_host " to create a ssh connection to my gateway
host

  4.  config my core-site.xml file for ssh tunnel connection

<property>
        <name>hadoophack.tunnel.port</name>
        <value>3600</value>
</property>

<property>
    <description>If users connect through a SOCKS proxy, we don't
      want their SocketFactory settings interfering with the socket
      factory associated with the actual daemons.</description>
    <name>hadoop.rpc.socket.factory.class.default</name>
    <value>org.apache.hadoop.net.SocksSocketFactory</value>
    <final>true</final>
</property>


And there's the error message when I run "hadoop fs -ls /"

13/04/24 22:31:13 ERROR security.UserGroupInformation: PriviledgedActionException as:jianfezhang@CORP.EBAY.COM<mailto:as%3Ajianfezhang@CORP.EBAY.COM>
cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid
credentials provided (Mechanism level: Cannot get kdc for realm CORP.EBAY.COM<http://CORP.EBAY.COM/>)]
13/04/24 22:31:13 INFO security.UserGroupInformation: Initiating logout for jianfezhang@CORP.EBAY.COM<mailto:jianfezhang@CORP.EBAY.COM>
13/04/24 22:31:13 INFO security.UserGroupInformation: Initiating re-login for jianfezhang@CORP.EBAY.COM<mailto:jianfezhang@CORP.EBAY.COM>
13/04/24 22:31:17 ERROR security.UserGroupInformation: PriviledgedActionException as:jianfezhang@CORP.EBAY.COM<mailto:as%3Ajianfezhang@CORP.EBAY.COM>
cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid
credentials provided (Mechanism level: Cannot get kdc for realm CORP.EBAY.COM<http://CORP.EBAY.COM/>)]
13/04/24 22:31:17 WARN security.UserGroupInformation: Not attempting to re-login since the
last re-login was attempted less than 600 seconds before.
13/04/24 22:31:21 ERROR security.UserGroupInformation: PriviledgedActionException as:jianfezhang@CORP.EBAY.COM<mailto:as%3Ajianfezhang@CORP.EBAY.COM>
cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid
credentials provided (Mechanism level: Cannot get kdc for realm CORP.EBAY.COM<http://CORP.EBAY.COM/>)]

--
Best Regards

Jeff Zhang


Mime
View raw message