07-12-2018 04:38 PM
A couple things:
(1)
Your 'kinit' test shows that your krb5.conf is not configured for hadoop.
you have the default linux krb5.conf there.
Edit it and comment out the line starting with default_ccache_name
Java does not support keyring credentials cache at this time, so Java processes will not have access to it and will fail if MIT kinit was used to create credentials.
(2)
"ICMP Port Unreachable" is a clear indicator that there the server side cannot access the port being requested. In thsi case, it should be port 88. Make sure your host's /etc/krb5.conf is configured with the realm in the [realms] section correctly. Your realm should have at least one "kdc" like like:
kdc = myadkdc.example.com:88
If that is configured, try running a telnet to that port like:
# telnet myadkdc.example.com 88
Maybe use wireshark or tcpdump too to debug what is going on...
07-12-2018 05:20 PM