Created 09-13-2016 08:12 PM
After enabling kerberos we are seeing below errors in atlas application log.
WARN - [3e0a832b-bc1f-43bf-ab70-fe616747cf1a:] ~ Authentication exception: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (
400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC) (AuthenticationFilter:586)
Below is the klist output.
klist -kte atlas.service.keytab
Keytab name: FILE:atlas.service.keytab
KVNO Timestamp Principal
---- ----------------- --------------------------------------------------------
4 01/01/70 01:00:00 atlas/xxx (DES cbc mode with CRC-32)
4 01/01/70 01:00:00 atlas/xxx (DES cbc mode with RSA-MD5)
4 01/01/70 01:00:00 atlas/xxx (ArcFour with HMAC/md5)
4 01/01/70 01:00:00 atlas/xxx (AES-256 CTS mode with 96-bit SHA-1 HMAC)
4 01/01/70 01:00:00 atlas/xxx (AES-128 CTS mode with 96-bit SHA-1 HMAC)
Checked kerberos kvno number for that principal from KDC and keytab file and both are same. Please guide.
Created 09-13-2016 08:47 PM
I found out the issue, actually we enabled the spnego for atlas therefore it was checking the spnego.service.keytab file. Somehow user "atlas" got removed from the application group therefore didn't had read permission on spnego.service.keytab file. Once we given read permission issue got resolved. Thanks
Created 09-13-2016 08:47 PM
I found out the issue, actually we enabled the spnego for atlas therefore it was checking the spnego.service.keytab file. Somehow user "atlas" got removed from the application group therefore didn't had read permission on spnego.service.keytab file. Once we given read permission issue got resolved. Thanks