question Re: Kerberos Checksum error in Support Questions https://community.cloudera.com/t5/Support-Questions/Kerberos-Checksum-error/m-p/209236#M171192 <P><EM>@<A href="https://community.hortonworks.com/users/47312/baigmujeeb.html">M B</A></EM></P><P><EM>If you observe carefully, the encryption types in your krb5.conf have been commented out !!! The see the valid encryption types check your kdc.conf see below</EM></P><P><EM><STRONG># cat /var/kerberos/krb5kdc/kdc</STRONG><STRONG>.conf</STRONG> <BR /></EM></P><PRE>[kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 [realms] NANDOS.COM = { #master_key_type = aes256-cts acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal }</PRE><P><EM>From the output, this is your original master key because the KVNO is 1 </EM></P><PRE># kdb5_util list_mkeys Master keys for Principal: K/M@NANDOS.COM KVNO: 1, Enctype: aes256-cts-hmac-sha1-96, Active on: Thu Jan 01 01:00:00 CET 1970 * </PRE><P><EM>Output looks correct </EM></P><PRE># kadmin.local Authenticating as principal root/admin@NANDOS.COM with password. kadmin.local: getprinc hive/test.nandos.com@NANDOS.COM Principal: hive/test.nandos.com@NANDOS.COM Expiration date: [never] Last password change: Thu Aug 24 15:42:17 CEST 2017 Password expiration date: [none] Maximum ticket life: 1 day 00:00:00 Maximum renewable life: 0 days 00:00:00 Last modified: Thu Aug 24 15:42:17 CEST 2017 (root/admin@NANDOS.COM) Last successful authentication: [never] Last failed authentication: [never] Failed password attempts: 0 Number of keys: 8 Key: vno 1, aes256-cts-hmac-sha1-96 Key: vno 1, aes128-cts-hmac-sha1-96 Key: vno 1, des3-cbc-sha1 Key: vno 1, arcfour-hmac Key: vno 1, camellia256-cts-cmac Key: vno 1, camellia128-cts-cmac Key: vno 1, des-hmac-sha1 Key: vno 1, des-cbc-md5 MKey: vno 1 Attributes: Policy: [none] kadmin.local:</PRE><P><EM>Can you do the following as hive user,<BR /></EM></P><PRE>$ kdestroy</PRE><P><EM>Check for the correct principal</EM></P><PRE>$ klist -kt /etc/security/keytabs/hive.service.keytab</PRE><P><EM>Then using the correct principal run <B>kinit</B></EM></P><PRE>$kinit -kt /etc/security/keytabs/hive.service.keytab hive/hdata1.xxxx.local@xxxx.LOCAL</PRE><P><EM>Check the validity of the ticket </EM></P><PRE>$klist </PRE><P><EM>Try accessing </EM></P><PRE>$ beeline</PRE><P><EM>Connect with the correct principal</EM></P><PRE>!connect jdbc:hive2://localhost:10000/default;principal=hive/hdata1.xxxx.local@xxxx.LOCAL;auth=kerberos</PRE><P><EM>That should work please revert</EM></P> Mon, 27 Nov 2017 06:43:56 GMT Shelton 2017-11-27T06:43:56Z