question Re: After enabling kerberos (local MIT) unable to access the HDFS. in Support Questions

question Re: After enabling kerberos (local MIT) unable to access the HDFS. in Support Questions https://community.cloudera.com/t5/Support-Questions/After-enabling-kerberos-local-MIT-unable-to-access-the-HDFS/m-p/280102#M208677 <a href="https://community.cloudera.com/t5/user/viewprofilepage/user-id/19178">@saivenkatg55</a> What do you mean by local (MIT) if I guess right you are accessing the HDP cluster from a client laptop or edge node where you installed the Kerberos client libraries. To communicate with secure Hadoop clusters that use Kerberos authentication, known as Kerberized clusters, a client uses the Kerberos client utilities. You MUST install these utilities on the same system where you are connecting from.For Linux desktops here are the different optionsUbunt: # apt install krb5-user RHEL/Centos: # yum install -y krb5-server krb5-libs krb5-workstationThese packages deliver the krb5.conf that the client should configure to connect to a kerberized cluster, the easier and recommended way is to copy the krb5.conf from the kdc server to all clients that need to connect to the Kerberized cluster in RHEL/CentOS it's located in /etc/krb5.conf. This file has the pointer to the REALM, KDC and ADMIN serverHere is an example[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = REDHAT.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] REDHAT.COM = { kdc = KDC.REDHAT.COM admin_server = KDC.REDHAT.COM } [domain_realm] .redhat.com = REDHAT.COM redhat.com = REDHAT.COM Else share /var/log/kadmind.log and /var/log/kadmind.log HTH Mon, 14 Oct 2019 17:51:19 GMT Shelton 2019-10-14T17:51:19Z