09-18-2017 12:53 PM
I hava a Java client that I run on my host (on which the quickstart.cloudera guest vm is running) to write data to hdfs of the quickstart vm.
I enabled kerberos security on the quick start vm. All good.
Tested that my client is not enabled to get write data any more
Exported hdfs to keytab
Try to kinit as hdfs (kinit -kt hdfs.keytab hdfs/quickstart.cloudera@CLOUDERA) from my host and get
"kinit: Cannot contact any KDC for realm 'CLOUDERA' while getting initial credentials"
Please note ..the same kinit command as above works fine on the cloudera.quickstart vm.
So the question is can I really kinit hdfs/quickstart.cloudera from another host or does it work on on the quickstart.cloudera VM? If answer is yes ..do I need to create new service prinicpal that is not specific to the host?
Let me also know if this is nonsense :)
Thanks in advance,
10-09-2017 09:54 AM
Is the Java client in the VM or just on the same host? If the same krb5.conf file as that in the VM exists and connection the the KDC server resolves properly, you should be able to kinit from another host.