Closed gp1314 closed 3 years ago
I have the same problem.
@gp1314 Have you solved the problem?
When I run it on the server where hiveserver2 is located, I get a different error:
  File "hive.py", line 18, in <module>
    raise e
  File "hive.py", line 8, in <module>
    with krbcontext(using_keytab=True, principal=user, keytab_file=keytab_file):
  File "/home/data/xxx/miniconda3/lib/python3.6/site-packages/krbcontext/context.py", line 274, in __enter__
    self._prepare_context()
  File "/home/data/xxx/miniconda3/lib/python3.6/site-packages/krbcontext/context.py", line 264, in _prepare_context
    self.init_with_keytab()
  File "/home/data/xxx/miniconda3/lib/python3.6/site-packages/krbcontext/context.py", line 156, in init_with_keytab
    creds = gssapi.creds.Credentials(**creds_opts)
  File "/home/data/xxx/miniconda3/lib/python3.6/site-packages/gssapi/creds.py", line 64, in __new__
    store=store)
  File "/home/data/xxx/miniconda3/lib/python3.6/site-packages/gssapi/creds.py", line 140, in acquire
    raise NotImplementedError("Your GSSAPI implementation does "
NotImplementedError: Your GSSAPI implementation does not have support for manipulating credential stores
@zzdgit @gp1314 What version of python-gssapi are you using?
@tkdchen I have tried the following versions: gssapi==1.6.5 and gssapi==1.5.0
@tkdchen I mainly use it to connect to HIVE; an error is thrown during Kerberos authentication. But I had no problems with other servers.
When I debugged the error, it is at line 146 of this file: calling the underlying C dynamic library reports an error. What should I do? "/home/data/xxx/miniconda3/lib/python3.6/site-packages/gssapi/creds.py", line 146
res = rcred_cred_store.acquire_cred_from(store, name,
                                         lifetime, mechs,
                                         usage)
@zzdgit
I have no experience with HIVE. krbcontext is just a simple wrapper around python-gssapi to handle some specific cases. According to the traceback you mentioned above, it looks like the issue is related to gssapi itself. I would suggest that you create an object of gssapi.creds.Credentials to try to reproduce it with your keytab file and principal and see what happens. For example:
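import gssapi

# principal must be a gssapi.Name, e.g.
# gssapi.Name('user@REALM', gssapi.NameType.kerberos_principal)
creds = gssapi.creds.Credentials(
    usage='initiate', name=principal, store={
        'client_keytab': 'path/to/keytab-file',
    }
)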
If it still happens, perhaps you need to ask the gssapi maintainers for help.
> But I had no problems with other servers
BTW, would you like to mention what kinds of Kerberos environments you have succeeded in interacting with using krbcontext? Thanks!
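@zzdgit Any progress?
@tkdchen My problem is more or less solved. I was connecting to Hive, which has Kerberos authentication. It was caused by modifications to the source code of the Hive server I was connecting to. But I still haven't quite figured out the mechanism by which Python authenticates with Kerberos. It seems to have nothing to do with krbcontext. First I cache the Kerberos credentials: kinit -kt xxx.keytab xxx. Previously, when I had the problem, my code was as follows: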
with krbcontext(using_keytab=True, principal=self.user, keytab_file=self.keytab_file):
    self.conn = connect(host=host, port=port, auth_mechanism='GSSAPI', kerberos_service_name='hive')
    self.cursor = self.conn.cursor()
The fix afterwards was to remove the with line:
self.conn = connect(host=host, port=port, auth_mechanism='GSSAPI', kerberos_service_name='hive')
self.cursor = self.conn.cursor()
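Hive's Kerberos authentication is still in place; I only need to first activate the Kerberos credentials on the server with kinit -kt xxx.keytab xxx. But my code now connects without carrying any authentication at all, and it still connects. That feels strange.
So I'm currently still looking into how the gssapi part is implemented.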
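The behaviour described in the comment above, as an added example that is not part of the thread or of krbcontext: it checks whether python-gssapi was built with the credential-store extension (whose absence produces the NotImplementedError in the traceback) and shows why a connection still works after kinit, because GSSAPI falls back to the default credential cache. The function names `cred_store_supported`, `choose_source` and `acquire` are hypothetical.

```python
import importlib
import os


def cred_store_supported():
    """True if python-gssapi was built with the credential-store extension.

    gssapi.creds raises the NotImplementedError seen in the traceback when
    this extension module is missing and a store= argument is passed.
    """
    try:
        importlib.import_module("gssapi.raw.ext_cred_store")
        return True
    except ImportError:  # gssapi absent, or built without the extension
        return False


def choose_source(keytab_file, store_supported, environ):
    """Decide where initiator credentials will come from.

    Returns ("keytab", path) or ("ccache", name).
    """
    if keytab_file and store_supported:
        return ("keytab", keytab_file)
    # Without a store, GSSAPI uses the default credential cache, i.e. the
    # tickets written by `kinit -kt xxx.keytab xxx` (KRB5CCNAME if set,
    # otherwise the Kerberos library's default location).
    return ("ccache", environ.get("KRB5CCNAME", "<library default>"))


def acquire(principal, keytab_file=None):
    """Acquire initiator credentials (needs python-gssapi at call time)."""
    import gssapi

    kind, where = choose_source(keytab_file, cred_store_supported(), os.environ)
    if kind == "keytab":
        name = gssapi.Name(principal, gssapi.NameType.kerberos_principal)
        return gssapi.Credentials(usage="initiate", name=name,
                                  store={"client_keytab": where})
    # Default credentials: succeeds only if a valid ticket is already cached.
    return gssapi.Credentials(usage="initiate")


if __name__ == "__main__":
    print("cred store extension available:", cred_store_supported())
    print(choose_source("xxx.keytab", cred_store_supported(), os.environ))
```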
@zzdgit What is the value of self.user? If you use a keytab, you should pass a principal that exists in the keytab to the principal parameter.
@tkdchen Sorry, I excerpted the code from my project and some places were not changed. self.user is the name of the keytab's user, that is, the principal in the keytab.
I use the username and password for kdc authentication, but I can't authenticate successfully.
init_with_password() gives an error message:
My code
Version information: gssapi 1.6.1, krbcontext 0.10