Accessing the cluster through the Java API (Kerberos authentication fails)

Accessing the cluster from the local environment works,
but the production environment reports an error.
Looking through the logs, I found a domain name resolution problem during Kerberos authentication?!
I logged in to the production environment and pinged node 043. The domain name can be pinged, which means it resolves to an IP address (by the DNS server). Frustrating: the error is clearly a domain name resolution problem, so why can the name be pinged?
Then I changed the local Java code to access the cluster by IP to try it, and, well, it reported an error:

Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)
	at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:770)
	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
	at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
	... 90 common frames omitted
Caused by: sun.security.krb5.KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
	at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
	at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
	at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
	at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
	at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
	at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
	at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
	... 93 common frames omitted
Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)
	at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
	at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
	at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
	at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
	... 99 common frames omitted

Locally, Kerberos authentication does not pass when accessing the cluster directly by IP; the address is changed to the domain name
(the hosts mapping is configured locally).
After two days of investigation, I finally found the problem:
The krb5.conf file in the production environment is configured with DNS access turned off, so the cluster communicates directly through hosts entries and does not use a DNS server?!
I had been wondering: since ping works, there should be nothing wrong with the IP and DNS. It turned out to be a cluster configuration issue. A developer who does not understand operations is not a qualified programmer...

Solution:
Configure the IP and domain name mapping in the production environment.

Homework:

# Local domain name resolution
/etc/host.conf
# DNS servers
/etc/resolv.conf
# Priority between local files and DNS
/etc/nsswitch.conf
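
A preflight check for the situation above, as an added example that is not from the original post: it reports which cluster node names have no hosts mapping, the lookup order in nsswitch.conf, and whether krb5.conf turns DNS lookups off. The node names, the 192.0.2.x addresses and the `dns_lookup_kdc` / `dns_lookup_realm` keys are assumptions, since the post does not show the actual krb5.conf contents.

```shell
#!/bin/sh
# Added example: name-resolution preflight for a Kerberos client host.
# Files are passed as arguments so the checks can run against copies.

# hosts_ip FILE NAME: print the IP mapped to NAME in a hosts-format file.
hosts_ip() {
    awk -v n="$2" '{ sub(/#.*/, "") }
        NF >= 2 { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(n)) { print $1; exit } }' "$1"
}

# missing_nodes FILE NAME...: print each NAME that has no mapping in FILE.
missing_nodes() {
    f=$1; shift
    for n in "$@"; do
        [ -n "$(hosts_ip "$f" "$n")" ] || echo "$n"
    done
}

# hosts_order FILE: print the sources on the "hosts:" line of nsswitch.conf.
hosts_order() {
    awk '{ sub(/#.*/, "") }
         $1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# krb5_dns_off FILE: print dns_lookup_* keys set to "false" in krb5.conf
# (only the literal value "false" is recognised here).
krb5_dns_off() {
    sed -n 's/^[[:space:]]*\(dns_lookup_[a-z]*\)[[:space:]]*=[[:space:]]*false.*/\1/p' "$1"
}

# Constructed sample files: hypothetical node names, documentation-range IPs.
d=$(mktemp -d)
printf '%s\n' '192.0.2.41 node041.example.com node041' \
              '192.0.2.42 node042.example.com  # node043 has no entry' > "$d/hosts"
printf 'hosts:\tfiles dns\n' > "$d/nsswitch.conf"
printf '[libdefaults]\n  dns_lookup_kdc = false\n  dns_lookup_realm = false\n' > "$d/krb5.conf"

echo "no hosts mapping: $(missing_nodes "$d/hosts" node041.example.com node043.example.com)"
echo "lookup order:     $(hosts_order "$d/nsswitch.conf")"
echo "krb5 DNS off:     $(krb5_dns_off "$d/krb5.conf" | tr '\n' ' ')"
```

On a real host, call the same functions with /etc/hosts, /etc/nsswitch.conf, the production krb5.conf and the node names the Java client actually connects to.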
Origin blog.csdn.net/lhxsir/article/details/89102062