Reply
krb
New Contributor
Posts: 5
Registered: ‎07-25-2018

Re: javax.security.auth.login.LoginException: Client not found in Kerberos database (6) - CLIENT_NOT

[ Edited ]

@bgooley

Thanks!. 

I just groomed all krb5.* files on all hosts and re-enable the kerberos through CM where it can regenerate all missing credentials including managing krb. This time I gave freehand to CM to create individual service princiaples to various services(hdfs, hive, hue, etc.) instead of existing service principle (a system user). 

This time Zookeeper started successfully but not HDFS. The HttpFS is also started in HDFS. I can't see any errors but can see WARNINGS in log file

 

 

CredentialManager kt_renewer WARNING Couldn't kinit as 'HTTP/xxx.xx.com' using
/run/cloudera-scm-agent/process/1330-hdfs-HTTPFS/httpfs.keytab --- kinit:
Client 'HTTP/xxx.xx.xxx.xx@xx.xx.xx' not found in Kerberos database while getting
initial credentials

 

 

Highlighted
Posts: 1,043
Topics: 1
Kudos: 262
Solutions: 130
Registered: ‎04-22-2014

Re: javax.security.auth.login.LoginException: Client not found in Kerberos database (6) - CLIENT_NOT

@krb,

 

What you provided appears to be an agent log message that indicates an attempt to kinit with the HTTP principal on the host where HTTPFS role runs was not successful.  Check on the host where the httpfs role runs and make sure the krb5.conf file is correct.  This shoud not impact HDFS as a whole since HTTPFS is a client of HDFS really.

 

Cloudera Manager should merge the HTTP principal automatically, so please run the following to make sure the keytab has the right keys:

 

# klist -kte /run/cloudera-scm-agent/process/1330-hdfs-HTTPFS/httpfs.keytab

 

 

Announcements