https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-issue/m-p/191656#M68407 <P><EM>@<A href="https://community.hortonworks.com/users/1897/ashneesharma88.html">Ashnee Sharma</A></EM></P><P><EM>Notice krb5-auth-dialog is optional</EM></P><P><EM>Assuming you installed the KDC server</EM></P><PRE><EM>yum -y install krb5-server krb5-libs krb5-auth-dialog</EM></PRE><P><EM>Assuming you installed the KDC clients<BR /></EM></P><PRE><EM>yum -y install krb5-auth-dialog krb5-workstation </EM></PRE><P><EM>Your <B>/etc/krb5.conf</B> looks like below and copied to all the hosts in the cluster <BR /></EM></P><P></P><PRE><EM>[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] EXAMPLE.COM = { kdc = kdc.examplecom admin_server = kdc.examplecom } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM</EM></PRE><P><EM>Your <STRONG>kdc.conf </STRONG>should resemble this </EM></P><PRE><EM>[kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 [realms] EXAMPLE.COM = { #master_key_type = aes256-cts acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal }</EM></PRE><P><EM><BR /></EM></P><P><EM>You kadm5.acl in<STRONG> /var/kerberos/krb5kdc</STRONG> as below</EM></P><PRE><EM>*/admin@EAMPLE.COM *</EM></PRE><P><EM>Can you create an admin principal as suit<BR /></EM></P><PRE><EM># kadmin.local -q "addprinc admin/admin" Authenticating as principal admin/admin@EXAMPLE.COM with password. WARNING: no policy specified for admin/admin@EXAMPLE.COM; defaulting to no policy Enter password for principal "admin/admin@EXAMPLE.COM": Re-enter password for principal "admin/admin@EXAMPLE.COM": Principal "admin/admin@EXAMPLE.COM" created.</EM></PRE><P><EM>This is the principal you should use for the Ambari Kerberos,make sure you started the appropriate daemons below </EM></P><P><STRONG><EM>Centos7/RHEL7</EM></STRONG></P><PRE><EM># systemctl start krb5kdc # systemctl start kadmin</EM></PRE><P><STRONG><EM>Centos6/RHEL6</EM></STRONG></P><PRE><EM># systemctl start krb5kdc # systemctl start kadmin</EM></PRE><P><EM>All should be fine please let me know </EM></P> Thu, 21 Sep 2017 17:29:36 GMT Shelton 2017-09-21T17:29:36Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-issue/m-p/191655#M68406 <P>Hi I have is install HDP 2.5 and ambari 2.4. I have configured kdc server and then try to enable kerberos but my /etc/krb5.conf file getting change. And it gets failed with error</P><P> Command: [/usr/bin/kadmin, -s, abc.example.com, -p, root/admin@example.COM, -r, example.COM, -q, get_principal root/admin@example.COM]</P><P> ExitCode: 1</P><P> STDOUT: Authenticating as principal root/admin@example.COM with password.</P><P>Password for root/admin@example.COM:</P><P> STDERR: kadmin: Cannot read password while initializing kadmin interface</P><P>21 Sep 2017 12:21:16,295 ERROR [ambari-client-thread-32897] KerberosHelperImpl:1861 - Cannot validate credentials: org.apache.ambari.server.AmbariException: Unexpected error condition executing the kadmin command</P><P>21 Sep 2017 12:21:16,296 ERROR [ambari-client-thread-32897] AbstractResourceProvider:285 - Caught AmbariException when creating a resource</P> Thu, 21 Sep 2017 15:04:07 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-issue/m-p/191655#M68406 ashneesharma88 2017-09-21T15:04:07Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-issue/m-p/191656#M68407 <P><EM>@<A href="https://community.hortonworks.com/users/1897/ashneesharma88.html">Ashnee Sharma</A></EM></P><P><EM>Notice krb5-auth-dialog is optional</EM></P><P><EM>Assuming you installed the KDC server</EM></P><PRE><EM>yum -y install krb5-server krb5-libs krb5-auth-dialog</EM></PRE><P><EM>Assuming you installed the KDC clients<BR /></EM></P><PRE><EM>yum -y install krb5-auth-dialog krb5-workstation </EM></PRE><P><EM>Your <B>/etc/krb5.conf</B> looks like below and copied to all the hosts in the cluster <BR /></EM></P><P></P><PRE><EM>[logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true [realms] EXAMPLE.COM = { kdc = kdc.examplecom admin_server = kdc.examplecom } [domain_realm] .example.com = EXAMPLE.COM example.com = EXAMPLE.COM</EM></PRE><P><EM>Your <STRONG>kdc.conf </STRONG>should resemble this </EM></P><PRE><EM>[kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 [realms] EXAMPLE.COM = { #master_key_type = aes256-cts acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal }</EM></PRE><P><EM><BR /></EM></P><P><EM>You kadm5.acl in<STRONG> /var/kerberos/krb5kdc</STRONG> as below</EM></P><PRE><EM>*/admin@EAMPLE.COM *</EM></PRE><P><EM>Can you create an admin principal as suit<BR /></EM></P><PRE><EM># kadmin.local -q "addprinc admin/admin" Authenticating as principal admin/admin@EXAMPLE.COM with password. WARNING: no policy specified for admin/admin@EXAMPLE.COM; defaulting to no policy Enter password for principal "admin/admin@EXAMPLE.COM": Re-enter password for principal "admin/admin@EXAMPLE.COM": Principal "admin/admin@EXAMPLE.COM" created.</EM></PRE><P><EM>This is the principal you should use for the Ambari Kerberos,make sure you started the appropriate daemons below </EM></P><P><STRONG><EM>Centos7/RHEL7</EM></STRONG></P><PRE><EM># systemctl start krb5kdc # systemctl start kadmin</EM></PRE><P><STRONG><EM>Centos6/RHEL6</EM></STRONG></P><PRE><EM># systemctl start krb5kdc # systemctl start kadmin</EM></PRE><P><EM>All should be fine please let me know </EM></P> Thu, 21 Sep 2017 17:29:36 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-issue/m-p/191656#M68407 Shelton 2017-09-21T17:29:36Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-issue/m-p/191657#M68408 <P>@<A href="https://community.hortonworks.com/users/1271/sheltong.html">Geoffrey Shelton Okot</A></P><P>I have done same steps and got same error.</P> Thu, 21 Sep 2017 22:16:08 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-issue/m-p/191657#M68408 ashneesharma88 2017-09-21T22:16:08Z https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-issue/m-p/191658#M68409 <A rel="user" href="https://community.cloudera.com/users/1271/sheltong.html" nodeid="1271">@Geoffrey Shelton Okot</A><P>My issue is resolved. I have configure KDC server on different machine. Thanks for the help...!!!</P> Tue, 03 Oct 2017 19:47:16 GMT https://community.cloudera.com/t5/Archives-of-Support-Questions/Kerberos-issue/m-p/191658#M68409 ashneesharma88 2017-10-03T19:47:16Z