GSSException:未提供有效凭据(机制级别:找不到任何 Kerberos

GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos

GSSException:未提供有效凭据(机制级别:未能找到任何 Kerberos 凭据)

livy 0.7.1 CDH 6.3.2(启用kerberos)

在livy.conf

livy.server.auth.type = kerberos
livy.server.auth.kerberos.principal = jzyc/bigdser4@JOIN.COM
livy.server.auth.kerberos.keytab = /hadoop/app/jzyc_bigdser4.keytab
livy.server.launch.kerberos.keytab = /hadoop/app/HTTP.keytab
livy.server.launch.kerberos.principal = HTTP/bigdser4@JOIN.COM
livy.impersonation.enabled = false

1.admin.local -q "addprinc jzyc/bigdser4" 2. kadmin.local -q "xst -k jzyc_bigdser4.keytab jzyc/bigdser4@JOIN.COM"

我可以 运行 livy,但我不能使用 livy。我收到错误消息“GSSException:未提供有效凭据(机制级别:无法找到任何 Kerberos credentails)”

在日志中我可以看到

21/04/21 17:24:35 INFO LivyServer: SPNEGO auth enabled (principal = jzyc/bigdser4@JOIN.COM)
21/04/21 17:24:35 INFO KerberosAuthenticationHandler: Login using keytab /hadoop/app/jzyc_bigdser4.keytab, for principal jzyc/bigdser4@JOIN.COM
    Debug is  true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is /hadoop/app/jzyc_bigdser4.keytab refreshKrb5Config i
    s true principal is jzyc/bigdser4@JOIN.COM tryFirstPass is false useFirstPass is false storePass is false clearPass is false
    Refreshing Kerberos configuration
    Acquire TGT from Cache
    Principal is jzyc/bigdser4@JOIN.COM
    null credentials from Ticket Cache
    principal is jzyc/bigdser4@JOIN.COM
    Will use keytab
    Commit Succeeded 
    …………………………………………………………
    org.apache.hadoop.security.authentication.client.AuthenticationException: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
            at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:398)
            at org.apache.hadoop.security.authentication.server.AuthenticationFilter.doFilter(AuthenticationFilter.java:518)
            at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1759)
            at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:582)
            at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
            at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:512)
            at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
            at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
            at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:119)
            at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
            at org.eclipse.jetty.server.Server.handle(Server.java:539)
            at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:333)
            at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:251)
            at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:283)
            at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:108)
            at org.eclipse.jetty.io.SelectChannelEndPoint.run(SelectChannelEndPoint.java:93)
            at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.executeProduceConsume(ExecuteProduceConsume.java:303)
            at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceConsume(ExecuteProduceConsume.java:148)
            at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:136)
            at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:671)
            at org.eclipse.jetty.util.thread.QueuedThreadPool.run(QueuedThreadPool.java:589)
            at java.lang.Thread.run(Thread.java:748)
    Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
            at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:87)
            at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:129)
            at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
            at sun.security.jgss.spnego.SpNegoMechFactory.getCredentialElement(SpNegoMechFactory.java:142)
            at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:193)
            at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:427)
            at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:77)
            at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:160)
            at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.run(KerberosAuthenticationHandler.java:355)
            at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.run(KerberosAuthenticationHandler.java:347)
            at java.security.AccessController.doPrivileged(Native Method)
            at javax.security.auth.Subject.doAs(Subject.java:422)
            at org.apache.hadoop.security.authentication.server.KerberosAuthenticationHandler.authenticate(KerberosAuthenticationHandler.java:347)
            ... 21 more
# livy.server.auth.type = kerberos
# livy.server.auth.kerberos.principal = jzyc/bigdser4@JOIN.COM
# livy.server.auth.kerberos.keytab = /hadoop/app/jzyc_bigdser4.keytab
 livy.server.launch.kerberos.keytab = /hadoop/app/jztwk.keytab
 livy.server.launch.kerberos.principal = jztwk/hadoop@JOIN.COM
 livy.impersonation.enabled = true