https://community.cloudera.com/t5/Support-Questions/Kerberos-Checksum-error/m-p/209235#M171191 <P>Hi,</P><P>I am having trouble with beeline on hiveserver2 direct mode, kerberos is spitting Mechanism level: Checksum failed error</P><P>In my krb5.conf I got the tgs and tkt encryption entries as follows:</P><P><STRONG>#default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 <BR /></STRONG></P><P><STRONG> #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5</STRONG></P><P>listing master keys is as follows:</P><P>root@hmaster:~# <STRONG>kdb5_util list_mkeys</STRONG> </P><P>Master keys for Principal: K/M@xxxx.LOCAL </P><P>KVNO: 1, Enctype: <STRONG>des3-cbc-sha1</STRONG>, Active on: Thu Jan 01 01:00:00 BST 1970 *</P><P>getprinc output shows it is using AES-256 encryption</P><P>kadmin.local: <STRONG>getprinc hive/hdata1.xxxx.local@xxxx.LOCAL</STRONG> </P><P>Principal: hive/hdata1.xxxx.local@xxxx.LOCAL </P><P>Expiration date: [never] Last password change: Fri Nov 24 21:01:55 GMT 2017 </P><P>Password expiration date: [none] </P><P>Maximum ticket life: 0 days 10:00:00 </P><P>Maximum renewable life: 7 days 00:00:00 </P><P>Last modified: Fri Nov 24 21:01:55 GMT 2017 (admin/admin@xxxx.LOCAL) </P><P>Last successful authentication: Sat Nov 25 22:17:56 GMT 2017 </P><P>Last failed authentication: [never] Failed password attempts: 0 </P><P>Number of keys: 8 </P><P>Key: vno 1, aes256-cts-hmac-sha1-96, no salt </P><P>Key: vno 1, arcfour-hmac, no salt </P><P>Key: vno 1, des3-cbc-sha1, no salt </P><P>Key: vno 1, des-cbc-crc, no salt </P><P>Key: vno 1, des-cbc-md5, Version 4 </P><P>Key: vno 1, des-cbc-md5, Version 5 - No Realm </P><P>Key: vno 1, des-cbc-md5, Version 5 - Realm Only </P><P>Key: vno 1, des-cbc-md5, AFS version 3 </P><P>MKey: vno 1 </P><P>Attributes: REQUIRES_PRE_AUTH </P><P>Policy: [none] kadmin.local:</P><P>Is this normal that kdb is listing only one masterkey of des3 encryption and service principal is using AES-256</P><P>Thanks</P><P>MB</P> Sun, 26 Nov 2017 06:53:32 GMT baig_mujeeb 2017-11-26T06:53:32Z