Cloudera Community

Community Articles

Find and share helpful community-sourced technical articles.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
We’ve updated our product names and community labels - click here for full details

Ambari: Manually disable kerberos authentication for Ambari UI

Labels (1)
Labels:
avatar
author-rank cdraper
Rising Star

Created on ‎02-08-2017 12:19 PM

After trying to disable kerberos via the UI the following message is seen in the ambari-server logs and the service fails to start.

...INFO [main] KerberosChecker:57 - Checking Ambari Server Kerberos credentials. 

WARN [main] KerberosChecker:81 - /etc/security/keytabs/ambari.server.keytab doesn't exist 

ERROR [main] KerberosChecker:115 - Configuration Error - either doNotPrompt should be false or at least one of useTicketCache, useKeyTab, tryFirstPass and useFirstPass should be true

Edit: /etc/ambari-server/conf/ambari.properties

Ensure the following is set: kerberos.check.jaas.configuration=false Further disable kerberos for ambari server by removing:

  "-Djava.security.auth.login.config=/etc/ambari-server/conf/krb5JAASLogin.conf

-Djava.security.krb5.conf=/etc/krb5.conf

-Djavax.security.auth.useSubjectCredsOnly=false"

from AMBARI_JVM_ARGS value in /var/lib/ambari-server/ambari-env.sh

If you decide to enable kerberos again, you have to manually revert changes in /var/lib/ambari-server/ambari-env.sh

8,398 Views
Comments

Re: Ambari: Manually disable kerberos authentication for Ambari UI

avatar
author-rank chrsvarma
Super Collaborator

Created on ‎03-03-2017 11:33 PM

you saved my life 🙂

Re: Ambari: Manually disable kerberos authentication for Ambari UI

avatar
author-rank MarceloSaiedOK
Rising Star

Created on ‎11-22-2017 03:51 PM

When disabling Kerberos at Ambari .some configuration is misconfigures, and restarting Ambari server, you get this error

22 Nov 2017 12:30:53,837  INFO [main] KerberosChecker:64 - Checking Ambari Server Kerberos credentials.
22 Nov 2017 12:30:53,858 ERROR [main] KerberosChecker:120 - xxxxxxx.xxxxxxxx.com.ar: unknown error
22 Nov 2017 12:30:53,860 ERROR [main] AmbariServer:1073 - Failed to run the Ambari Server
org.apache.ambari.server.AmbariException: Ambari Server Kerberos credentials check failed.
Check KDC availability and JAAS configuration in /etc/ambari-server/conf/krb5JAASLogin.conf
  at org.apache.ambari.server.controller.utilities.KerberosChecker.checkJaasConfiguration(KerberosChecker.java:121)
  at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:1064)

the same worker for me

vi /etc/ambari-server/conf/ambari.properties

set the following


authentication.kerberos.enabled=false
kerberos.check.jaas.configuration=false

Re: Ambari: Manually disable kerberos authentication for Ambari UI

avatar
author-rank MarceloSaiedOK
Rising Star

Created on ‎01-29-2018 09:02 PM

Remember If you have KAFKA : you need to change at config -> kafka brokers ->

listeners back to PLAINTEXT://localhost:6667 (from PLAINTEXTSASL://localhost:6667)

Announcements
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
What's New @ Cloudera
Announcing Cloudera Data Services 1.5.5 SP2: AI Inference an...
What's New @ Cloudera
Announcing Cloudera Streams Messaging Operator for Kubernete...
View More Announcements
Version history
Last update:
‎02-08-2017 12:19 PM
Updated by:
Rising Star
Contributors