Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Welcome to the upgraded Community! Read this blog to see What’s New!
Solved Go to solution

Atlas application log showing below error

Labels:
avatar
author-rank jyadav
Guru

Created ‎09-13-2016 08:12 PM

After enabling kerberos we are seeing below errors in atlas application log.

WARN - [3e0a832b-bc1f-43bf-ab70-fe616747cf1a:] ~ Authentication exception: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (

400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC) (AuthenticationFilter:586)

Below is the klist output.

klist -kte atlas.service.keytab

Keytab name: FILE:atlas.service.keytab

KVNO Timestamp         Principal

---- ----------------- --------------------------------------------------------

   4 01/01/70 01:00:00 atlas/xxx (DES cbc mode with CRC-32)

   4 01/01/70 01:00:00 atlas/xxx (DES cbc mode with RSA-MD5)

   4 01/01/70 01:00:00 atlas/xxx (ArcFour with HMAC/md5)

   4 01/01/70 01:00:00 atlas/xxx (AES-256 CTS mode with 96-bit SHA-1 HMAC)

   4 01/01/70 01:00:00 atlas/xxx (AES-128 CTS mode with 96-bit SHA-1 HMAC)

Checked kerberos kvno number for that principal from KDC and keytab file and both are same. Please guide.

954 Views
1 ACCEPTED SOLUTION

avatar
author-rank jyadav
Guru

Created ‎09-13-2016 08:47 PM

I found out the issue, actually we enabled the spnego for atlas therefore it was checking the spnego.service.keytab file. Somehow user "atlas" got removed from the application group therefore didn't had read permission on spnego.service.keytab file. Once we given read permission issue got resolved. Thanks

View solution in original post

834 Views
1 REPLY 1

avatar
author-rank jyadav
Guru

Created ‎09-13-2016 08:47 PM

I found out the issue, actually we enabled the spnego for atlas therefore it was checking the spnego.service.keytab file. Somehow user "atlas" got removed from the application group therefore didn't had read permission on spnego.service.keytab file. Once we given read permission issue got resolved. Thanks

835 Views
Announcements
What's New @ Cloudera
Cloudera Streaming Analytics (CSA) 1.11 with support for Ice...
What's New @ Cloudera
Cloudera Operational Database (COD) supports creating an ope...
What's New @ Cloudera
Cloudera Operational Database (COD) is available as a Techni...
What's New @ Cloudera
Cloudera Operational Database (COD) has removed the COD_ON_G...
Community Announcements
Introducing the new and improved Community!
View More Announcements
Labels