Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

[ambari][kerberos]No valid credentials provided while performing HDFS tasks

Labels:
avatar
author-rank akhilsnaik author-rank
Guru

Created ‎08-08-2017 11:26 AM

I have a Kerberos enabled cluster with HDFS service installed on host1.

when i try to perform some operations on HDFS server, its failing with below error.

17/08/08 11:19:34 WARN ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
report: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "host1.example.com/172.26.110.122"; destination host is: "host1.example.com":8020;

I tried to execute klist

it shoes some certificates but seems expired.

Please help me on this error.

5,066 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎08-08-2017 11:44 AM

@Akhil S Naik

Please do a kinit with the hDFS keytab and see if it works:

Get Principal Name

# klist -kte /etc/security/keytabs/hdfs.headless.keytab 
Keytab name: FILE:/etc/security/keytabs/hdfs.headless.keytab
KVNO Timestamp  Principal
---- ------------------- ------------------------------------------------------
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (des-cbc-md5) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (des3-cbc-sha1) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (arcfour-hmac) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (aes256-cts-hmac-sha1-96) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (aes128-cts-hmac-sha1-96)

.

- Do a kinit

# kinit -kt /etc/security/keytabs/hdfs.headless.keytab  hdfs-kerberos_ambari@EXAMPLE.COM

.

Check the ticket.

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hdfs-kerberos_ambari@EXAMPLE.COM

Valid starting  Expires  Service principal
08/08/2017 11:43:48  08/09/2017 11:43:48  krbtgt/EXAMPLE.COM@EXAMPLE.COM



Then try again.

.

View solution in original post

3,856 Views
1 REPLY 1

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎08-08-2017 11:44 AM

@Akhil S Naik

Please do a kinit with the hDFS keytab and see if it works:

Get Principal Name

# klist -kte /etc/security/keytabs/hdfs.headless.keytab 
Keytab name: FILE:/etc/security/keytabs/hdfs.headless.keytab
KVNO Timestamp  Principal
---- ------------------- ------------------------------------------------------
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (des-cbc-md5) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (des3-cbc-sha1) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (arcfour-hmac) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (aes256-cts-hmac-sha1-96) 
  9 06/15/2017 10:01:12 hdfs-kerberos_ambari@EXAMPLE.COM (aes128-cts-hmac-sha1-96)

.

- Do a kinit

# kinit -kt /etc/security/keytabs/hdfs.headless.keytab  hdfs-kerberos_ambari@EXAMPLE.COM

.

Check the ticket.

# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hdfs-kerberos_ambari@EXAMPLE.COM

Valid starting  Expires  Service principal
08/08/2017 11:43:48  08/09/2017 11:43:48  krbtgt/EXAMPLE.COM@EXAMPLE.COM



Then try again.

.

3,857 Views
Announcements
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
View More Announcements