Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Atlas application log showing below error

Labels:
avatar
author-rank jyadav
Super Guru

Created ‎09-13-2016 08:12 PM

After enabling kerberos we are seeing below errors in atlas application log.

WARN - [3e0a832b-bc1f-43bf-ab70-fe616747cf1a:] ~ Authentication exception: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (

400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC) (AuthenticationFilter:586)

Below is the klist output.

klist -kte atlas.service.keytab

Keytab name: FILE:atlas.service.keytab

KVNO Timestamp         Principal

---- ----------------- --------------------------------------------------------

   4 01/01/70 01:00:00 atlas/xxx (DES cbc mode with CRC-32)

   4 01/01/70 01:00:00 atlas/xxx (DES cbc mode with RSA-MD5)

   4 01/01/70 01:00:00 atlas/xxx (ArcFour with HMAC/md5)

   4 01/01/70 01:00:00 atlas/xxx (AES-256 CTS mode with 96-bit SHA-1 HMAC)

   4 01/01/70 01:00:00 atlas/xxx (AES-128 CTS mode with 96-bit SHA-1 HMAC)

Checked kerberos kvno number for that principal from KDC and keytab file and both are same. Please guide.

1,602 Views
0
1 ACCEPTED SOLUTION

avatar
author-rank jyadav
Super Guru

Created ‎09-13-2016 08:47 PM

I found out the issue, actually we enabled the spnego for atlas therefore it was checking the spnego.service.keytab file. Somehow user "atlas" got removed from the application group therefore didn't had read permission on spnego.service.keytab file. Once we given read permission issue got resolved. Thanks

View solution in original post

1,482 Views
0
1 REPLY 1

avatar
author-rank jyadav
Super Guru

Created ‎09-13-2016 08:47 PM

I found out the issue, actually we enabled the spnego for atlas therefore it was checking the spnego.service.keytab file. Somehow user "atlas" got removed from the application group therefore didn't had read permission on spnego.service.keytab file. Once we given read permission issue got resolved. Thanks

1,483 Views
0
Announcements
Community Announcements
April 2025 Cloudera Customer Advisory: Cloudera’s response t...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
February 2025 Community Highlights
What's New @ Cloudera
3 Benefits of External IDE Connectivity, Now Available in Cl...
View More Announcements