zkCli 连接 Kerberos认证的 Zookeeper 集群_kerberos默认下zkclis.sh可以进入

zookeeper配置了kerberos之后。
先执行
klist -kt /etc/security/keytabs/zk.service.keytab

再执行
kinit -kt /etc/security/keytabs/zk.service.keytab ${Principal}
Principal 的值复制 klist 命令中 Principal 这一列的值。

执行 zkCli.sh 后提示 AUTH_FAILED

2021-11-24 16:16:28,622 - ERROR [main-SendThread(localhost:2181):ClientCnxn$SendThread@1059] - SASL authentication with Zookeeper Quorum member failed: javax.security.sasl.SaslException: An error: (java.security.PrivilegedActionException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - LOOKING_UP_SERVER)]) occurred when evaluating Zookeeper Quorum Member's  received SASL token. Zookeeper Client will go to AUTH_FAILED state.

WATCHER::

WatchedEvent state:AuthFailed type:None path:null
1
2
3
4
5

输入回车, 显示连接 localhost:2181

[zk: localhost:2181(AUTH_FAILED) 0] 
1

因为 principle 不是 localhost。改为连接 principle 中的主机名。

[zk: localhost:2181(AUTH_FAILED) 0] connect master-1:2181
1

可以看到已经连接。