Support Questions

jyadav · ‎09-13-2016

After enabling kerberos we are seeing below errors in atlas application log.

WARN - [3e0a832b-bc1f-43bf-ab70-fe616747cf1a:] ~ Authentication exception: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (

400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC) (AuthenticationFilter:586)

Below is the klist output.

klist -kte atlas.service.keytab

Keytab name: FILE:atlas.service.keytab

KVNO Timestamp Principal

---- ----------------- --------------------------------------------------------

4 01/01/70 01:00:00 atlas/xxx (DES cbc mode with CRC-32)

4 01/01/70 01:00:00 atlas/xxx (DES cbc mode with RSA-MD5)

4 01/01/70 01:00:00 atlas/xxx (ArcFour with HMAC/md5)

4 01/01/70 01:00:00 atlas/xxx (AES-256 CTS mode with 96-bit SHA-1 HMAC)

4 01/01/70 01:00:00 atlas/xxx (AES-128 CTS mode with 96-bit SHA-1 HMAC)

Checked kerberos kvno number for that principal from KDC and keytab file and both are same. Please guide.

jyadav · ‎09-13-2016

I found out the issue, actually we enabled the spnego for atlas therefore it was checking the spnego.service.keytab file. Somehow user "atlas" got removed from the application group therefore didn't had read permission on spnego.service.keytab file. Once we given read permission issue got resolved. Thanks

View solution in original post

jyadav · ‎09-13-2016

I found out the issue, actually we enabled the spnego for atlas therefore it was checking the spnego.service.keytab file. Somehow user "atlas" got removed from the application group therefore didn't had read permission on spnego.service.keytab file. Once we given read permission issue got resolved. Thanks

Cloudera Community

Support Questions

Atlas application log showing below error