我们正在尝试使用此处给出的示例连接到微服务中的 webhdfs URL https://www.ibm.com/support/knowledgecenter/en/SSPT3X_3.0.0/com.ibm.swg.im.infosphere.biginsights.admin。 doc/doc/kerberos_httpfs.html

我已经为其创建了 conf 文件并保存在资源位置

    [libdefaults]

     allow_weak_crypto = true

     default_realm = CLOUD.CORP.XXXXXX.XXX

     # kdc will be obtained through DNS SRV

     dns_lookup_kdc = true

     dns_lookup_realm = true

     forwardable = true

     default_tkt_enctypes = aes256-cts aes128-cts

     default_etypes = aes256-cts aes128-cts

     default_tgs_enctypes = aes256-cts aes128-cts

     permitted_enctypes = aes256-cts aes128-cts

     ticket_lifetime = 24h

     rdns = true

    [realms]

    CLOUD.CORP.XXXXXX.XXX = {

     kdc = abc-dv-def0.cloud.corp.XXXXXX.XXX:88

     master_kdc = abc-dv-def0.cloud.corp.XXXXXX.XXX:88

    }

    [domain_realm]

     .cloud.corp.XXXXXX.XXX = CLOUD.CORP.XXXXXX.XXX

     cloud.corp.XXXXXX.XXX = CLOUD.CORP.XXXXXX.XXX

     abc-dv-def0.cloud.corp.XXXXXX.XXX = CLOUD.CORP.XXXXXX.XXX

java代码片段如下

    Configuration conf = new Configuration();

    conf.set("hadoop.security.authentication", "kerberos");

    conf.set("hadoop.home.dir", "/");

    UserGroupInformation.setConfiguration(conf);

    System.out.println("--------------loginWithKeytab--------");

    UserGroupInformation loginUser = UserGroupInformation.loginUserFromKeytabAndReturnUGI(principal, keytabUrl);

    UserGroupInformation.setLoginUser(loginUser);

    String user = UserGroupInformation.getCurrentUser().getUserName();

    System.out.println("Starting the connection for User:::"+user);

我创建了自己的 buildpack 以部署到 PCF，并添加了 local_policy.jar 以实现无限强度 (JCE)，以便在 PCF 中解包时覆盖。https://github.com/sivacham/java-buildpack