Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Kerberos authentication issue

avatar
author-rank aliyesami
Super Collaborator

Created ‎07-11-2017 09:09 PM

I am trying to get a ticket from Kerberos but its failing . I have created another keytab but no luck . 

[root@hadoop1 scripts]# klist -kte /etc/krb5.keytab | grep hdfs
   2 07/11/17 16:46:53 hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US (aes256-cts-hmac-sha1-96)
   2 07/11/17 16:46:53 hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US (aes128-cts-hmac-sha1-96)
   2 07/11/17 16:46:53 hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US (des3-cbc-sha1)
   2 07/11/17 16:46:53 hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US (arcfour-hmac)
[root@hadoop1 scripts]#
[root@hadoop1 scripts]# klist -kte  /etc/security/keytabs/hdfs.headless.keytab | grep hdfs
Keytab name: FILE:/etc/security/keytabs/hdfs.headless.keytab
   1 07/11/17 10:59:01 hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US (arcfour-hmac)
   1 07/11/17 10:59:01 hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US (des3-cbc-sha1)
   1 07/11/17 10:59:01 hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US (aes128-cts-hmac-sha1-96)
   1 07/11/17 10:59:01 hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US (aes256-cts-hmac-sha1-96)
   1 07/11/17 10:59:01 hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US (des-cbc-md5)
[root@hadoop1 scripts]#

[root@hadoop1 scripts]# kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US
kinit: Password incorrect while getting initial credentials
[root@hadoop1 scripts]#

[root@hadoop1 scripts]# kinit -kt /etc/krb5.keytab hdfs-fdot_hdc@TOLLS.DOT.STATE.FL.US
kinit: Password incorrect while getting initial credentials
[root@hadoop1 scripts]#
18,232 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank aliyesami
Super Collaborator

Created ‎07-11-2017 10:51 PM

this article fixed the issue. The key version number was mismatching between the keytab and the kdc . The keytab files must have been hanging around from previous installation .

https://cwiki.apache.org/confluence/display/AMBARI/Automated+Kerberization+Troubleshooting

View solution in original post

14,669 Views
0 Kudos
1 REPLY 1

avatar
author-rank aliyesami
Super Collaborator

Created ‎07-11-2017 10:51 PM

this article fixed the issue. The key version number was mismatching between the keytab and the kdc . The keytab files must have been hanging around from previous installation .

https://cwiki.apache.org/confluence/display/AMBARI/Automated+Kerberization+Troubleshooting

14,670 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements