Accessing the cluster from the local environment works fine;
the production environment reports an error.
Looking through the logs, I found that Kerberos authentication was hitting a domain name resolution problem?!
I logged in to the production environment and pinged node 043 by its domain name. The ping succeeded, which shows the name resolves to an IP address (the DNS server). Frustrating: if the error is clearly a domain name resolution problem, why does ping work?
Then I changed the local Java code to access the cluster by IP to try it, and yes, it reported the error:
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:770)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
... 90 common frames omitted
Caused by: sun.security.krb5.KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
... 93 common frames omitted
Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
... 99 common frames omitted
Accessing the cluster directly by IP from the local machine does not pass Kerberos authentication; the local setup uses the domain name instead (mapped in the local hosts file).
After two days of investigation I finally found the problem:
the krb5.conf file in the production environment is configured with DNS access turned off, so the cluster nodes communicate directly through hosts entries and do not use a DNS server?!
I had been wondering: since ping worked, there should have been nothing wrong with the IP and DNS. It turned out to be a cluster configuration issue. A developer who does not understand operations is not a qualified programmer...
Solution:
configure the IP-to-domain-name mapping in the production environment.
Homework:
# Local domain name resolution
/etc/host.conf
# DNS servers
/etc/resolv.conf
# Priority of local files versus DNS
/etc/nsswitch.conf
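
The check below is an added example, not code from the original post: it reads the text of krb5.conf, a hosts file and nsswitch.conf and reports which DNS-related Kerberos options are switched off, the host lookup order, and which cluster nodes have no hosts mapping. Assumptions: the option names are MIT krb5 [libdefaults] settings (the post does not say which one was set), and the realm, host names and addresses are constructed.

```python
import re
# MIT krb5 [libdefaults] options that involve DNS (assumption: the post does not name the one it means).
DNS_KEYS = ("dns_lookup_kdc", "dns_lookup_realm", "dns_canonicalize_hostname", "rdns")

def libdefaults_dns(krb5_text):
    """Return the DNS-related options set in the [libdefaults] section."""
    section, found = None, {}
    for raw in krb5_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
        elif section == "libdefaults" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in DNS_KEYS:
                found[key] = value.lower()
    return found

def hosts_names(hosts_text):
    """Map every name and alias in an /etc/hosts-style file to its address."""
    names = {}
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            names.setdefault(name.lower(), fields[0])
    return names

def lookup_order(nsswitch_text):
    """Return the sources on the 'hosts:' line of nsswitch.conf, in order."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return [s for s in line[6:].split() if not s.startswith("[")]
    return []

def audit(krb5_text, hosts_text, nsswitch_text, cluster_hosts):
    """Summarise what the client can resolve without a DNS server."""
    dns, mapped = libdefaults_dns(krb5_text), hosts_names(hosts_text)
    return {
        "dns_disabled": sorted(k for k, v in dns.items() if v in ("false", "no", "off", "0")),
        "lookup_order": lookup_order(nsswitch_text),
        "missing_from_hosts": [h for h in cluster_hosts if h.lower() not in mapped],
    }

# Constructed sample input: realm, host names and addresses are made up.
KRB5 = "[libdefaults]\n default_realm = EXAMPLE.INTERNAL\n dns_lookup_kdc = false\n dns_lookup_realm = false\n"
HOSTS = "127.0.0.1 localhost\n10.0.0.42 node042.example.internal node042\n"
NSSWITCH = "hosts: files dns\n"
REPORT = audit(KRB5, HOSTS, NSSWITCH, ["node042.example.internal", "node043.example.internal"])
```

On a real host, pass the contents of /etc/krb5.conf, /etc/hosts and /etc/nsswitch.conf together with the cluster's node names; any entry under missing_from_hosts is a node the client cannot reach by name when no DNS server is used.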