Re: Error while enabling kerberos

bgooley · ‎04-22-2014

A couple things:

(1)

Your 'kinit' test shows that your krb5.conf is not configured for hadoop.

you have the default linux krb5.conf there.

Edit it and comment out the line starting with default_ccache_name

Java does not support keyring credentials cache at this time, so Java processes will not have access to it and will fail if MIT kinit was used to create credentials.

(2)

"ICMP Port Unreachable" is a clear indicator that there the server side cannot access the port being requested. In thsi case, it should be port 88. Make sure your host's /etc/krb5.conf is configured with the realm in the [realms] section correctly. Your realm should have at least one "kdc" like like:

kdc = myadkdc.example.com:88

If that is configured, try running a telnet to that port like:

# telnet myadkdc.example.com 88

Maybe use wireshark or tcpdump too to debug what is going on...

balusu · ‎06-06-2018

@bgooley

Fantastic!...Both of the changes did the magic :) Kudos!!!

Re: Error while enabling kerberos

Sentry don't synchronize with LDAP

How to get Unix group Name mapped to Sentry role

Cloudera - Kerberos GSS initiate failed (Even when...

how to use the api of apache sentry1.5 such as Sen...

how to call apache sentry 1.5 api

Cloudera RecordService dead?

sentry and yarn queues

I want to install apache ranger with cloudera. Can...

must yarn configure containor executor in a kerber...

Impleted TLS, Unable to access CM after that

Document level authorisation in Solr

after installing sentry I get privilige errors in ...

Benchmark test ouput file permission denied (TestD...

SWICHDATABASE privilege missing error in HUE. User...

User Cloudera can't see any table or db in HUE aft...