Support Questions

ebeb · ‎06-23-2021

Hello Experts,

We are trying to do hdfs replication from prod(CDH 5.x) to test(CDP 7.x) and getting a kerberos principal error:

Server has invalid Kerberos principal: hdfs/prodhostxx.com@TESTREALM, expecting: hdfs/prodhostxx.com@PRODREALM

Not sure why it is picking up TEST realm instead of the PROD realm in the job. The Peer test shows connected fine. Thanks!

fmalterre · ‎06-24-2021

Hi,

did you check your krb5.conf file ?

ebeb · ‎06-26-2021

Yes /etc/krb5.conf was the issue in the destination TST cluster. Specifically the [domain_realm] section did not have proper mapping for the replication source prod hosts and the prod realm. Since the PRD and TST hosts were all in the same domain so it was not easy to map the domain and realm using just the .proddomainxyz.com = PRODREALM . Instead we had to specify the individual source prod hosts in the destination TST /etc/krb5.conf file as below:

[domain_realm]
prodhostxx1 = PRODREALM
prodhostxx2 = PRODREALM
prodhostxx3 = PRODREALM
etc. specify all the source prod hosts here

If we don't specify the prodhosts like above replication doesn't know how to map the prodhosts to the PRODREALM and picks up the default TSTREALM which is why the original wrong realm error happened. Thanks!

Cloudera Community

Support Questions

CDP 7.x replication kerberos error