JSCH kerberos 連接配置

原創 worgent 2018-08-22 07:36

近日產品要支持kerberos,
測試過程中經常會出現,需要輸入kerberos用戶名的情況,debug跟蹤,發現爲jsch在遠程連接的時候會進行認證

2017-09-13 10:04:22.391 DEBUG 13148 --- [nio-8080-exec-4] c.b.m.rest.base.util.JSchConnection      : connect,172.16.31.165,hadoop,hadoop,22
2017-09-13 10:04:22.493 DEBUG 13148 --- [nio-8080-exec-1] c.b.m.rest.base.util.JSchConnection      : connect,172.16.31.165,hadoop,hadoop,22
Kerberos 用戶名 [hadoop]: Kerberos 用戶名 [hadoop]: Kerberos 用戶名 [hadoop]: Kerberos 用戶名 [hadoop]: Kerberos 用戶名 [hadoop]: 

Kerberos 用戶名 [hadoop]: hadoop的 Kerberos 口令: 

com.jcraft.jsch.JSchException: Auth fail
    at com.jcraft.jsch.Session.connect(Session.java:512)
    at com.jcraft.jsch.Session.connect(Session.java:183)
    at com.bonc.manager.rest.base.util.JSchConnection.connect(JSchConnection.java:67)
    at com.bonc.manager.rest.base.util.JSchConnectionFactory.getJschConnection(JSchConnectionFactory.java:50)
    at com.bonc.manager.rest.base.util.JSchConnectionFactory.getJschConnection(JSchConnectionFactory.java:65)
    at com.bonc.manager.rest.base.util.ConfigUtil.readXmlFromHost(ConfigUtil.java:104)
    at com.bonc.manager.rest.modules.config.dao.impl.ConfigDaoImpl.getHostConfig(ConfigDaoImpl.java:68)
    at com.bonc.manager.rest.modules.config.service.ConfigServer.readconfig(ConfigServer.java:865)
    at com.bonc.manager.rest.modules.config.service.ConfigServer.saveConfigToLocal(ConfigServer.java:704)
    at com.bonc.manager.rest.util.ConfigurationUtil.getHdfsConf(ConfigurationUtil.java:56)
    at com.bonc.manager.rest.util.ConfigurationUtil.update(ConfigurationUtil.java:180)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:65)
    at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
    at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
    at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)

問題解決方式就是將kerberos認證方式去掉,具體爲去掉Kerberos/GSSAPI (gssapi-with-mic)

session.setConfig(
    "PreferredAuthentications", 
    "publickey,keyboard-interactive,password");

參考
https://stackoverflow.com/questions/29669459/skipping-kerberos-authentication-prompts-with-jsch

發表評論
所有評論
還沒有人評論,想成為第一個評論的人麼? 請在上方評論欄輸入並且點擊發布.
相關文章

nfs

AELY木 2019-02-22 23:51:44

Kerberos Work Principle

mike_lee 2019-02-22 23:10:09

Windows安全認證是如何進行的?[Kerberos篇]

heizitan 2019-02-22 18:30:38

HDP Ambari完全卸載(RPM Install)

FanoLi 2019-01-10 13:51:23

kerberos的故事2

志端 2019-01-03 13:28:44

kerberos的故事1

志端 2019-01-03 13:28:44

Kerberos 主從配置

FanoLi 2018-12-28 12:52:55

Ambari2.6.2集成Kerberos

FanoLi 2018-12-19 12:51:26

也說Hadoop敏感信息加密方案的嘗試(上) 原

問津已非少年 2018-12-02 21:12:14

nfs

AELY木 2018-09-12 05:24:08

Kerberos Work Principle

mike_lee 2018-09-12 03:23:33

nfs加kerberos

chomperwu 2018-09-12 02:12:07

hadoop的安全系列

flyfish225 2018-09-12 02:03:49

kerberos 巨坑

落花非有意 2018-09-11 09:35:28

kafka kerberos 認證訪問與非認證訪問共存下的ACL問題

落花非有意 2018-09-11 09:35:28