question Re: HDFS is not accessible from an user after kerberos implementation in Support Questions https://community.cloudera.com/t5/Support-Questions/HDFS-is-not-accessible-from-an-user-after-kerberos/m-p/268757#M206399 <P><a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/49879">@pritam_konar</a>&nbsp;<BR /><BR /></P><P>Please make sure that you have a valid kerberos ticket before running a hdfs command.<BR />You can get a valid kerberos ticket as following:<BR /><BR /></P><P>1). Get the principal name from the keytab:</P><P><STRONG>Example:</STRONG></P><LI-CODE lang="python"># klist -kte /etc/security/keytabs/hdfs.headless.keytab Keytab name: FILE:/etc/security/keytabs/hdfs.headless.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 2 08/11/2019 01:58:27 hdfs-ker1latest@EXAMPLE.COM (des-cbc-md5) 2 08/11/2019 01:58:27 hdfs-ker1latest@EXAMPLE.COM (aes256-cts-hmac-sha1-96) 2 08/11/2019 01:58:27 hdfs-ker1latest@EXAMPLE.COM (des3-cbc-sha1) 2 08/11/2019 01:58:27 hdfs-ker1latest@EXAMPLE.COM (arcfour-hmac) 2 08/11/2019 01:58:27 hdfs-ker1latest@EXAMPLE.COM (aes128-cts-hmac-sha1-96)</LI-CODE><P>&nbsp;</P><P>2). Get a valid kerberos ticke t as following. Please not that in the following command your Principal name might be different based on your cluster. So please change the principal name according to the output that you received from above command.</P><LI-CODE lang="python"># kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-ker1latest@EXAMPLE.COM # klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: hdfs-ker1latest@EXAMPLE.COM Valid starting Expires Service principal 08/22/2019 22:47:43 08/23/2019 22:47:43 krbtgt/EXAMPLE.COM@EXAMPLE.COM</LI-CODE><P>3). Now try to run the same HDFS command. This time you should be able to run those commands successfully.</P><LI-CODE lang="python"># hadoop fs -ls /</LI-CODE><P><BR /><STRONG>*NOTE:*</STRONG> In the above case we are using "/etc/security/keytabs/hdfs.headless.keytab" in your case you can have your own a valid keytab that allows you to interact with HDFS then you should use that one. For testing you can use the hdfs.headless.keytab.</P> Thu, 22 Aug 2019 23:36:11 GMT jsensharma 2019-08-22T23:36:11Z