Reply
Posts: 863
Topics: 1
Kudos: 199
Solutions: 106
Registered: ‎04-22-2014

Re: Error while enabling kerberos

@balusu

 

A couple things:

 

(1)

 

Your 'kinit' test shows that your krb5.conf is not configured for hadoop.

you have the default linux krb5.conf there.

 

Edit it and comment out the line starting with default_ccache_name

 

Java does not support keyring credentials cache at this time, so Java processes will not have access to it and will fail if MIT kinit was used to create credentials.

 

(2)

 

"ICMP Port Unreachable" is a clear indicator that there the server side cannot access the port being requested.  In thsi case, it should be port 88.  Make sure your host's /etc/krb5.conf is configured with the realm in the [realms] section correctly.  Your realm should have at least one "kdc" like like:

 

kdc = myadkdc.example.com:88

 

If that is configured, try running a telnet to that port like:

 

# telnet myadkdc.example.com 88

 

Maybe use wireshark or tcpdump too to debug what is going on...

 

Highlighted
Explorer
Posts: 23
Registered: ‎06-06-2018

Re: Error while enabling kerberos

@bgooley

 

Fantastic!...Both of the changes did the magic :) Kudos!!!

 

 

Announcements