Community Articles
Find and share helpful community-sourced technical articles
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)
New Contributor

After trying to disable kerberos via the UI the following message is seen in the ambari-server logs and the service fails to start.

...INFO [main] KerberosChecker:57 - Checking Ambari Server Kerberos credentials. 

WARN [main] KerberosChecker:81 - /etc/security/keytabs/ambari.server.keytab doesn't exist 

ERROR [main] KerberosChecker:115 - Configuration Error - either doNotPrompt should be false or at least one of useTicketCache, useKeyTab, tryFirstPass and useFirstPass should be true 

Edit: /etc/ambari-server/conf/ambari.properties

Ensure the following is set: kerberos.check.jaas.configuration=false Further disable kerberos for ambari server by removing:

  "-Djava.security.auth.login.config=/etc/ambari-server/conf/krb5JAASLogin.conf

-Djava.security.krb5.conf=/etc/krb5.conf

-Djavax.security.auth.useSubjectCredsOnly=false" 

from AMBARI_JVM_ARGS value in /var/lib/ambari-server/ambari-env.sh

If you decide to enable kerberos again, you have to manually revert changes in /var/lib/ambari-server/ambari-env.sh

3,046 Views
Comments
Expert Contributor

you saved my life :)

Contributor

When disabling Kerberos at Ambari .some configuration is misconfigures, and restarting Ambari server, you get this error

22 Nov 2017 12:30:53,837  INFO [main] KerberosChecker:64 - Checking Ambari Server Kerberos credentials.
22 Nov 2017 12:30:53,858 ERROR [main] KerberosChecker:120 - xxxxxxx.xxxxxxxx.com.ar: unknown error
22 Nov 2017 12:30:53,860 ERROR [main] AmbariServer:1073 - Failed to run the Ambari Server
org.apache.ambari.server.AmbariException: Ambari Server Kerberos credentials check failed.
Check KDC availability and JAAS configuration in /etc/ambari-server/conf/krb5JAASLogin.conf
  at org.apache.ambari.server.controller.utilities.KerberosChecker.checkJaasConfiguration(KerberosChecker.java:121)
  at org.apache.ambari.server.controller.AmbariServer.main(AmbariServer.java:1064)

the same worker for me

vi /etc/ambari-server/conf/ambari.properties

set the following


authentication.kerberos.enabled=false
kerberos.check.jaas.configuration=false

Contributor

Remember If you have KAFKA : you need to change at config -> kafka brokers ->

listeners back to PLAINTEXT://localhost:6667 (from PLAINTEXTSASL://localhost:6667)

Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎02-08-2017 12:19 PM
Updated by:
 
Contributors
Top Kudoed Authors