Tags: #krb5 #KERBEROS
Date: 2022-07-24 Links: Explanation of Links: Zettelkasten: Summary: Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER

Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER

这种情况下怎么解决

2022-07-22 18:19:53,660 INFO  [pool-5-thread-15] o.a.h.s.UserGroupInformation.loginUserFromKeytab(1147) : Login successful for user hive/cdh1@HADOOP.COM using keytab file /root/hive/hive.keytab. Keytab auto renewal enabled : false
2022-07-22 18:19:53,661 INFO  [pool-5-thread-15] h.metastore.getIfClientFilterEnabled(308) : HMS client filtering is enabled.
2022-07-22 18:19:53,661 INFO  [pool-5-thread-15] h.metastore.open(472) : Trying to connect to metastore with URI thrift://172.20.74.237:9083
>>> KrbKdcReq send: #bytes read=173
>>> KrbKdcReq send: #bytes read=173
>>> KdcAccessibility: remove cdh1
>>> KdcAccessibility: remove cdh1
>>> KDCRep: init() encoding tag is 126 req type is 13
>>> KDCRep: init() encoding tag is 126 req type is 13
>>>KRBError:
>>>KRBError:
	 cTime is Sun May 06 10:38:20 CST 2007 1178419100000
	 cTime is Sun Sep 20 02:47:24 CST 1992 716928444000
	 sTime is Fri Jul 22 18:18:55 CST 2022 1658485135000
	 suSec is 6467
	 error code is 7
	 error Message is Server not found in Kerberos database
	 cname is hive/cdh1@HADOOP.COM
	 sname is hive/172.20.74.237@HADOOP.COM
	 msgType is 30
	 sTime is Fri Jul 22 18:18:55 CST 2022 1658485135000
	 suSec is 6469
	 error code is 7
	 error Message is Server not found in Kerberos database
	 cname is hive/cdh1@HADOOP.COM
	 sname is hive/172.20.74.237@HADOOP.COM
	 msgType is 30
2022-07-22 18:19:53,663 INFO  [pool-5-thread-9] h.metastore.open(472) : Trying to connect to metastore with URI thrift://172.20.74.237:9083
Found ticket for hive/cdh1@HADOOP.COM to go to krbtgt/HADOOP.COM@HADOOP.COM expiring on Sat Jul 23 18:18:55 CST 2022
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for hive/cdh1@HADOOP.COM to go to krbtgt/HADOOP.COM@HADOOP.COM expiring on Sat Jul 23 18:18:55 CST 2022
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 18 17 16 23.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.Aes256CtsHmacSha1EType
2022-07-22 18:19:53,663 ERROR [pool-5-thread-16] o.a.t.t.TSaslTransport.open(313) : SASL negotiation failure
javax.security.sasl.SaslException: GSS initiate failed
	at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:211)
	at org.apache.thrift.transport.TSaslClientTransport.handleSaslStartMessage(TSaslClientTransport.java:94)
	at org.apache.thrift.transport.TSaslTransport.open(TSaslTransport.java:271)
	at org.apache.thrift.transport.TSaslClientTransport.open(TSaslClientTransport.java:37)
	at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:52)
	at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport$1.run(TUGIAssumingTransport.java:49)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
	at org.apache.hadoop.hive.thrift.client.TUGIAssumingTransport.open(TUGIAssumingTransport.java:49)
	at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.open(HiveMetaStoreClient.java:545)
	at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:303)
	at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.<init>(HiveMetaStoreClient.java:219)
	at com.info2soft.sync.hive.increment.bigdata.hive.HiveUtils.lambda$getHiveMetaStoreClient$0(HiveUtils.java:66)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1875)
	at com.info2soft.sync.hive.increment.bigdata.hive.HiveUtils.getHiveMetaStoreClient(HiveUtils.java:64)
	at com.info2soft.sync.hive.increment.configuration.HiveClientFactory.getHiveMetaStoreClientWrapper(HiveClientFactory.java:74)
	at com.info2soft.sync.hive.increment.configuration.HiveClientFactory.getHiveMetaStoreClientWrapper(HiveClientFactory.java:80)
	at com.info2soft.sync.hive.increment.task.TaskEstimator.analyzeTableSpec(TaskEstimator.java:77)
	at com.info2soft.sync.hive.increment.task.TaskEstimator.analyze(TaskEstimator.java:56)
	at com.info2soft.sync.hive.bootstrap.hive.TableCompareWorker.processTable(TableCompareWorker.java:69)
	at com.info2soft.sync.hive.bootstrap.hive.TableComparator$SplitCallable.call(TableComparator.java:100)
	at com.info2soft.sync.hive.bootstrap.hive.TableComparator$SplitCallable.call(TableComparator.java:86)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)
	at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:770)
	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
	at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
	at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
	... 28 common frames omitted
Caused by: sun.security.krb5.KrbException: Server not found in Kerberos database (7) - LOOKING_UP_SERVER
	at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:73)
	at sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:251)
	at sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:262)
	at sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:308)
	at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:126)
	at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
	at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
	... 31 common frames omitted
Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906)
	at sun.security.krb5.internal.KDCRep.init(KDCRep.java:140)
	at sun.security.krb5.internal.TGSRep.init(TGSRep.java:65)
	at sun.security.krb5.internal.TGSRep.<init>(TGSRep.java:60)
	at sun.security.krb5.KrbTgsRep.<init>(KrbTgsRep.java:55)
	... 37 common frames omitted
>>> KrbKdcReq send: kdc=cdh1 UDP:88, timeout=30000, number of retries =3, #bytes=648
>>> KDCCommunication: kdc=cdh1 UDP:88, timeout=30000,Attempt =1, #bytes=648

Questions

Tags: #kerbores #nslookup

• 如何解决
• 使用IP访问hosts？
• [[202207241141#^44b4dd]] Zettelkasten: Tags: Links: