hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Zhang <zjf...@gmail.com>
Subject How to connect to hadoop through ssh tunnel and kerberos authentication
Date Thu, 25 Apr 2013 05:36:12 GMT
Hi all,


I could connect to hadoop cluster by ssh tunnel before when there's no
kerberos authentication. Now our cluster need to upgrade to kerberos
authentication. I try to connect to it by ssh tunnel again. But failed.

Could anyone guide me to do that ? Is there any tutorial for this ?

Here's what I did.

   1. create a forwardable ticket in my client machine.
   2.

   edit ~/.ssh/config file

   GSSAPIAuthentication yes

   GSSAPIDelegateCredentials yes
   3.

   execute command "ssh -N -D 3600 gateway_host " to create a ssh
   connection to my gateway host
   4. config my core-site.xml file for ssh tunnel connection

<property>
        <name>hadoophack.tunnel.port</name>
        <value>3600</value></property>
<property>
    <description>If users connect through a SOCKS proxy, we don't
      want their SocketFactory settings interfering with the socket
      factory associated with the actual daemons.</description>
    <name>hadoop.rpc.socket.factory.class.default</name>
    <value>org.apache.hadoop.net.SocksSocketFactory</value>
    <final>true</final></property>

And there's the error message when I run "hadoop fs -ls /"
13/04/24 22:31:13 ERROR security.UserGroupInformation:
PriviledgedActionException
as:jianfezhang@CORP.EBAY.COMcause:javax.security.sasl.SaslException:
GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Cannot get
kdc for realm CORP.EBAY.COM)]
13/04/24 22:31:13 INFO security.UserGroupInformation: Initiating logout for
jianfezhang@CORP.EBAY.COM
13/04/24 22:31:13 INFO security.UserGroupInformation: Initiating re-login
for jianfezhang@CORP.EBAY.COM
13/04/24 22:31:17 ERROR security.UserGroupInformation:
PriviledgedActionException
as:jianfezhang@CORP.EBAY.COMcause:javax.security.sasl.SaslException:
GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Cannot get
kdc for realm CORP.EBAY.COM)]
13/04/24 22:31:17 WARN security.UserGroupInformation: Not attempting to
re-login since the last re-login was attempted less than 600 seconds before.
13/04/24 22:31:21 ERROR security.UserGroupInformation:
PriviledgedActionException
as:jianfezhang@CORP.EBAY.COMcause:javax.security.sasl.SaslException:
GSS initiate failed [Caused by
GSSException: No valid credentials provided (Mechanism level: Cannot get
kdc for realm CORP.EBAY.COM)]

-- 
Best Regards

Jeff Zhang

Mime
View raw message