Stderr:kinit:客户端 - 获取初始凭据时未在 Kerberos 数据库中找到
Stderr: kinit: Client - not found in Kerberos database while getting initial credentials
我已经设置了一个 python docker 图像并包含了一个 krb5.conf 文件、keytab 文件和 python 库。我是 运行 一个 python 脚本,用于验证 kerborized hadoop 集群。我 运行 遇到错误:Stderr: kinit: Client 'root@MY.DOMAIN.LOCAL' not found in Kerberos database while getting initial credentials. 我不知道为什么当我设置 svc_account 时它在客户端 root 上失败。我是否需要向这个 krb5.conf 文件或类似的东西添加一些东西?
以下是我的python代码:
import ssl
from impala.dbapi import connect
import os
os.system("kinit")
conn = connect(host='impala/server2primary.my.domain.local@MY.DOMAIN.LOCAL', port=21050, use_ssl=True, user='svc_account@MY.DOMAIN.LOCAL', auth_mechanism = 'GSSAPI')
cur = conn.cursor()
cur.execute('SHOW DATABASES;')
result=cur.fetchall()
for data in result:
print (data)
我已经设置了 krb5.keytab 文件:
addent -password -p svc_account@MY.DOMAIN.LOCAL -k 1 -e rc4-hmac
addent -password -p svc_account@MY.DOMAIN.LOCAL -k 1 -e aes256-cts
addent -password -p svc_account@MY.DOMAIN.LOCAL -k 1 -e aes128-cts
wkt /etc/krb5.keytab
以下是我的krb5.conf文件:
[libdefaults]
default_realm = MY.DOMAIN.LOCAL
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts aes128-cts rc4-hmac
default_tkt_enctypes = aes256-cts aes128-cts rc4-hmac
permitted_enctypes = aes256-cts aes128-cts rc4-hmac
udp_preference_limit = 1
kdc_timeout = 3000
[realms]
MY.DOMAIN.LOCAL = {
kdc = server1primary.my.domain.local
admin_server = server1primary.my.domain.local
default_domain = MY.DOMAIN.LOCAL
}
[domain_realm]
MY.DOMAIN.LOCAL = MY.DOMAIN.LOCAL
以下解决了我的问题:
os.system("kinit -kt /etc/krb5.keytab svc_account@MY.DOMAIN.LOCAL")
我已经设置了一个 python docker 图像并包含了一个 krb5.conf 文件、keytab 文件和 python 库。我是 运行 一个 python 脚本,用于验证 kerborized hadoop 集群。我 运行 遇到错误:Stderr: kinit: Client 'root@MY.DOMAIN.LOCAL' not found in Kerberos database while getting initial credentials. 我不知道为什么当我设置 svc_account 时它在客户端 root 上失败。我是否需要向这个 krb5.conf 文件或类似的东西添加一些东西?
以下是我的python代码:
import ssl
from impala.dbapi import connect
import os
os.system("kinit")
conn = connect(host='impala/server2primary.my.domain.local@MY.DOMAIN.LOCAL', port=21050, use_ssl=True, user='svc_account@MY.DOMAIN.LOCAL', auth_mechanism = 'GSSAPI')
cur = conn.cursor()
cur.execute('SHOW DATABASES;')
result=cur.fetchall()
for data in result:
print (data)
我已经设置了 krb5.keytab 文件:
addent -password -p svc_account@MY.DOMAIN.LOCAL -k 1 -e rc4-hmac
addent -password -p svc_account@MY.DOMAIN.LOCAL -k 1 -e aes256-cts
addent -password -p svc_account@MY.DOMAIN.LOCAL -k 1 -e aes128-cts
wkt /etc/krb5.keytab
以下是我的krb5.conf文件:
[libdefaults]
default_realm = MY.DOMAIN.LOCAL
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts aes128-cts rc4-hmac
default_tkt_enctypes = aes256-cts aes128-cts rc4-hmac
permitted_enctypes = aes256-cts aes128-cts rc4-hmac
udp_preference_limit = 1
kdc_timeout = 3000
[realms]
MY.DOMAIN.LOCAL = {
kdc = server1primary.my.domain.local
admin_server = server1primary.my.domain.local
default_domain = MY.DOMAIN.LOCAL
}
[domain_realm]
MY.DOMAIN.LOCAL = MY.DOMAIN.LOCAL
以下解决了我的问题:
os.system("kinit -kt /etc/krb5.keytab svc_account@MY.DOMAIN.LOCAL")