java kerberos配置_为kerberos配置Storm

我正在尝试配置单节点风暴群集以运行kerberos身份验证 . 任何时候我尝试使用此curl访问ui：curl -i --negotiate -u：storm -b~ / cookiejar.txt -c~ / cookiejar.txt http://hadoop-machine1:8080/api/v1/cluster/summary我有以下错误：HTTP错误：403 GSSException：未指定失败在GSS-API级别(机制级别：不支持/启用加密类型AES256 CTS模式，HMAC SHA1-96) .

这是我的风暴配置：

ui.header.buffer.bytes: 65536

storm.zookeeper.servers:

- "192.168.1.3"

storm.zookeeper.port: 2181

nimbus.host: "192.168.1.3"

java.library.path: "/usr/local/lib"

storm.local.dir: "/tmp/storm-data"

storm.messaging.transport: backtype.storm.messaging.netty.Context

supervisor.slots.ports:

- 6700

- 6701

- 6702

- 6703

- 6704

- 6705

- 6706

- 6707

ui.filter: "org.apache.hadoop.security.authentication.server.AuthenticationFilter"

ui.filter.params:

"type": "kerberos"

"kerberos.principal": "HTTP/hadoop-machine1@HADOOP-MACHINE1"

"kerberos.keytab": "/vagrant/keytabs/http.keytab"

"kerberos.name.rules": "DEFAULT"

storm.thrift.transport : "backtype.storm.security.auth.kerberos.KerberosSaslTransportPlugin"

storm.principal.tolocal: "backtype.storm.security.auth.KerberosPrincipalToLocal"

storm.zookeeper.superACL: "sasl:stormc"

java.security.auth.login.config: "/home/wouri/apache-storm-0.10.0/conf/jaas.conf"

nimbus.authorizer: "backtype.storm.security.auth.authorizer.SimpleACLAuthorizer"

nimbus.admins:

- "stormc"

nimbus.supervisor.users:

- "stormc"

nimbus.childopts: "-Xmx1024m -Djava.security.auth.login.config=/home/wouri/apache-storm-0.10.0/conf/jaas.conf"

ui.childopts: "-Xmx768m -Djava.security.auth.login.config=/home/wouri/apache-storm-0.10.0/conf/jaas.conf"

supervisor.childopts: "-Xmx256m -Djava.security.auth.login.config=/home/wouri/apache-storm-0.10.0/conf/jaas.conf"

下面是我的kerberos配置krb5.conf：

[libdefaults]

default_realm = HADOOP-MACHINE1

dns_lookup_realm = true

dns_lookup_kdc = true

[realms]

HADOOP-MACHINE1 = {

kdc = hadoop-machine1

admin_server = hadoop-machine1

master_key_type = aes256-cts-hmac-sha1-96

supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal

}

[domain_realm]

.hadoop-machine1 = HADOOP-MACHINE1

hadoop-machine1 = HADOOP-MACHINE1

以下是jaas.conf文件：

StormServer {

com.sun.security.auth.module.Krb5LoginModule required

useKeyTab=true

keyTab="/home/wouri/apache-storm-0.10.0/conf/storm.keytab"

storeKey=true

useTicketCache=false

principal="stormc/hadoop-machine1@HADOOP-MACHINE1";

};

StormClient {

com.sun.security.auth.module.Krb5LoginModule required

useKeyTab=true

keyTab="/home/wouri/apache-storm-0.10.0/conf/storm.keytab"

storeKey=true

useTicketCache=false

serviceName="stormc"

principal="stormc/hadoop-machine1@HADOOP-MACHINE1";

};

Server {

com.sun.security.auth.module.Krb5LoginModule required

useKeyTab=true

keyTab="/usr/local/zookeeper/conf/zookeeper.keytab"

storeKey=true

useTicketCache=false

serviceName="zookeeper"

principal="zookeeper/hadoop-machine1@HADOOP-MACHINE1";

};

请问，我是否缺少配置标志？