我已经设置了一个python docker映像,并包括一个krb5.conf文件,keytab文件和python库。我正在运行一个python脚本,该脚本对经过内核化的hadoop集群进行身份验证。我遇到了错误:Stderr: kinit: Client 'root@MY.DOMAIN.LOCAL' not found in Kerberos database while getting initial credentials.
我不知道为什么在设置root
时在客户端svc_account
上失败了。我是否需要向此krb5.conf文件中添加某些内容或类似的内容?
以下是我的python代码:
import ssl
from impala.dbapi import connect
import os
os.system("kinit")
conn = connect(host='impala/server2primary.my.domain.local@MY.DOMAIN.LOCAL',port=21050,use_ssl=True,user='svc_account@MY.DOMAIN.LOCAL',auth_mechanism = 'GSSAPI')
cur = conn.cursor()
cur.execute('SHOW DATABASES;')
result=cur.fetchall()
for data in result:
print (data)
我已经设置了krb5.keytab
文件:
addent -password -p svc_account@MY.DOMAIN.LOCAL -k 1 -e rc4-hmac
addent -password -p svc_account@MY.DOMAIN.LOCAL -k 1 -e aes256-cts
addent -password -p svc_account@MY.DOMAIN.LOCAL -k 1 -e aes128-cts
wkt /etc/krb5.keytab
以下是我的krb5.conf
文件:
[libdefaults]
default_realm = MY.DOMAIN.LOCAL
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts aes128-cts rc4-hmac
default_tkt_enctypes = aes256-cts aes128-cts rc4-hmac
permitted_enctypes = aes256-cts aes128-cts rc4-hmac
udp_preference_limit = 1
kdc_timeout = 3000
[realms]
MY.DOMAIN.LOCAL = {
kdc = server1primary.my.domain.local
admin_server = server1primary.my.domain.local
default_domain = MY.DOMAIN.LOCAL
}
[domain_realm]
MY.DOMAIN.LOCAL = MY.DOMAIN.LOCAL