MAPREDUCE服务 MRS-账号锁定导致启动Kafka组件失败:原因分析

时间:2024-11-22 09:34:06

原因分析

查看Kerberos日志“/var/log/Bigdata/kerberos/krb5kdc.log”,发现有集群外的IP使用Kafka用户连接,导致多次认证失败,最终导致Kafka账号被锁定。
Jul 11 02:49:16 192-168-1-91 krb5kdc[1863](info): AS_REQ (2 etypes {18 17}) 192.168.1.93: NEEDED_PREAUTH: kafka/hadoop.hadoop.com@HADOOP.COM for krbtgt/HADOOP.COM@HADOOP.COM, Additional pre-authentication required
Jul 11 02:49:16 192-168-1-91 krb5kdc[1863](info): preauth (encrypted_timestamp) verify failure: Decrypt integrity check failed
Jul 11 02:49:16 192-168-1-91 krb5kdc[1863](info): AS_REQ (2 etypes {18 17}) 192.168.1.93: PREAUTH_FAILED: kafka/hadoop.hadoop.com@HADOOP.COM for krbtgt/HADOOP.COM@HADOOP.COM, Decrypt integrity check failed
support.huaweicloud.com/trouble-mrs/mrs_03_0106.html