1

I am new to Hadoop and I made a Hadoop cluster with 3 centos machine in my VMware, and I also kerberosing the cluster, it works fine in the VMware, I can reach the URL by FireFox in CenotOS machine

However, when I try to reach the page outside the VMware(in my windows machine) it always shows like this

  1. I can ping each other by IP or hostname(I have set the hosts file)

  2. I have got the ticket from KDC in my windows machine by MIT Kerberos, like this and when I type klist in my windows cmd, it showed the ticket.

  3. I have set the firefox as suggested(as in centos I can reach the page.)

  4. what else should i set?

help please!

the ticket i got

this is my krb5.ini and krb5.conf in my windows and centos machine

[logging]
 default = FILE:/var/log/krb5libs.log
 kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log

[libdefaults]
 dns_lookup_realm = false
 ticket_lifetime = 24h
 renew_lifetime = 7d
 forwardable = true
 renewable = true
 rdns = false
 default_realm = HADOOP.COM 

[realms]
HADOOP.COM = {
  kdc = master:88
  admin_server = master:749
}

[domain_realm]
master = HADOOP.COM
slave1 = HADOOP.COM
slave2 = HADOOP.COM
T-Heron
  • 5,385
  • 7
  • 26
  • 52
Rye
  • 11
  • 3
  • *"I have set the firefox as suggested"* -- what does that mean? did do change the Firefox configuration to enable GSSAPI library *(the Java/Linux way to handle Kerberos)* instead of SSPI library which is the default on Windows *(the Microsoft way to handle Kerberos inside Active Directory)*?? – Samson Scharfrichter Nov 22 '16 at 13:47
  • Thx at first , and the problem was solved, "I have set the firefox as suggested" means I change 2 value in firefox's "about:config" page 1.network.auth.use-sspi : false 2.network.negotiate-auth.trusted-uris : my KDC's hostname. – Rye Nov 23 '16 at 07:07
  • When using the browser, you would need a service ticket for the 'Web Server'. Did you get one? The screenshot suggests a TGT only. network.negotiate-auth.trusted-uris must list the actual service (web server) not the KDC – Bernhard Thalmayr Nov 23 '16 at 08:41

0 Answers0