We have configured CDH 5.10 cluster using CentOS 7 Servers. Its working with basic authentication. But when we enabled Kerberos on Cloudera manager using Wizard, we are facing following issues in cluster.
Please note that KDC is configured on different server other than CM Servers and hosts. Kerberos wizard ran successfully.
1. HDFS (canary, connection) fail after enabling kerberos security
2. HistoryServer not able read log after anabling kerberos
3. Job History server is failing to start with stale file handle
4. Hue: The Cloudera Manager Agent is not able to communicate with this role's web server
5. kinit: KDC has no support for encryption type while getting initial credentials
Please suggest do we need any additional configuration to get the Kerberos authentication working?
From the error message, it looks like the encryption type configured for Kerberos clients (all your cluster nodes) is not supported by your KDC, which is why none of the services can authenticate.
Please compare the kerberos server and client configurations and reconfigure krb5.conf on all your nodes to explicitly use the supported encryption type.