Community Articles
Find and share helpful community-sourced technical articles
Labels (1)
Explorer

After trying to disable kerberos via the UI the following message is seen in the ambari-server logs and the service fails to start.

...INFO [main] KerberosChecker:57 - Checking Ambari Server Kerberos credentials. 

WARN [main] KerberosChecker:81 - /etc/security/keytabs/ambari.server.keytab doesn't exist 

ERROR [main] KerberosChecker:115 - Configuration Error - either doNotPrompt should be false or at least one of useTicketCache, useKeyTab, tryFirstPass and useFirstPass should be true 

Edit: /etc/ambari-server/conf/ambari.properties

Ensure the following is set: kerberos.check.jaas.configuration=false Further disable kerberos for ambari server by removing:

  "-Djava.security.auth.login.config=/etc/ambari-server/conf/krb5JAASLogin.conf

-Djava.security.krb5.conf=/etc/krb5.conf

-Djavax.security.auth.useSubjectCredsOnly=false" 

from AMBARI_JVM_ARGS value in /var/lib/ambari-server/ambari-env.sh

If you decide to enable kerberos again, you have to manually revert changes in /var/lib/ambari-server/ambari-env.sh

4,332 Views
Comments
Expert Contributor

you saved my life :)

Contributor

When disabling Kerberos at Ambari .some configuration is misconfigures, and restarting Ambari server, you get this error

22 Nov 2017 12:30:53,837  INFO [main] KerberosChecker:64 - Checking Ambari Server Kerberos credentials.
22 Nov 2017 12:30:53,858 ERROR [main] KerberosChecker:120 - xxxxxxx.xxxxxxxx.com.ar: unknown error
22 Nov 2017 12:30:53,860 ERROR [main] AmbariServer:1073 - Failed to run the Ambari Server
org.apache.ambari.server.AmbariException: Ambari Server Kerberos credentials check failed.
Check KDC availability and JAAS configuration in /etc/ambari-server/conf/krb5JAASLogin.conf
  at org.apache.ambari.server.controller.utilities.KerberosChecker.checkJaasConfiguration(KerberosChecker.java:121)
  at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:1064)

the same worker for me

vi /etc/ambari-server/conf/ambari.properties

set the following


authentication.kerberos.enabled=false
kerberos.check.jaas.configuration=false

Contributor

Remember If you have KAFKA : you need to change at config -> kafka brokers ->

listeners back to PLAINTEXT://localhost:6667 (from PLAINTEXTSASL://localhost:6667)

Don't have an account?
Version history
Revision #:
1 of 1
Last update:
‎02-08-2017 12:19 PM
Updated by:
 
Contributors
Top Kudoed Authors