Re: Error while enabling kerberos

bgooley · ‎04-22-2014

A couple things:

(1)

Your 'kinit' test shows that your krb5.conf is not configured for hadoop.

you have the default linux krb5.conf there.

Edit it and comment out the line starting with default_ccache_name

Java does not support keyring credentials cache at this time, so Java processes will not have access to it and will fail if MIT kinit was used to create credentials.

(2)

"ICMP Port Unreachable" is a clear indicator that there the server side cannot access the port being requested. In thsi case, it should be port 88. Make sure your host's /etc/krb5.conf is configured with the realm in the [realms] section correctly. Your realm should have at least one "kdc" like like:

kdc = myadkdc.example.com:88

If that is configured, try running a telnet to that port like:

# telnet myadkdc.example.com 88

Maybe use wireshark or tcpdump too to debug what is going on...

balusu · ‎06-06-2018

@bgooley

Fantastic!...Both of the changes did the magic :) Kudos!!!

Re: Error while enabling kerberos

[ANNOUNCE] New Sentry How-To Video

Kerberos Migration - MIT to AD

Understanding tables in Sentry database

ERROR: GetRuntimeProfile error: User is not author...

Can hbase replication from a secure(kerberos) clus...

I want to install apache ranger with cloudera. Can...

must yarn configure containor executor in a kerber...

Impleted TLS, Unable to access CM after that

Document level authorisation in Solr

after installing sentry I get privilige errors in ...

Benchmark test ouput file permission denied (TestD...

SWICHDATABASE privilege missing error in HUE. User...

User Cloudera can't see any table or db in HUE aft...

SOLR collection accessible for everyone, although ...

Where to set sentry.hive.testing.mode property?