Support Questions

Find answers, ask questions, and share your expertise

Cannot Create Key in Ranger KMS

avatar
Expert Contributor

keyadmin user failed to create keys in Ranger KMS. Found the below in kms-audit.log:

2016-05-27 05:58:59,555 UNAUTHENTICATED RemoteHost:10.0.0.163 Method:POST URL:http://xxx:9292/kms/v1/keys?user.name=keyadmin ErrorMsg:'Authentication required'

This is a Kerberos enabled cluster. Following the install document, I have already created keyadmin principal in Kerberos and did the setting in Ranger KMS to use kerberos authentication. I was able to log in into Ranger KMS, but failed creating keys with above UNAUTHENTICATED error.

Although I have keyadmin user created on Ranger user sync node and configured Ranger usersync to use Unix sync, but I couldn't find keyadmin user in Ranger User tab. I am not sure if this relates to the KMS error.

Any idea to solve this?

Thanks,

1 ACCEPTED SOLUTION

avatar
Expert Contributor

I solved this issue by change username to keyadmin@REALM.COM from Ranger KMS repository config UI directly.

Configuring this in Ambari Ranger KMS UI and restarting Ranger and Ranger KMS services didn't apply to the actual KMS repository config property.

View solution in original post

6 REPLIES 6

avatar

Hi @yjiang

Can you try restarting all Ranger services.

Both Ranger KMS and Ranger Admin.

Also verify from Ranger KMS UI that you can see correct principal in Ranger KMS repository configuration.

It should be something like keyadmin@REALM.COM

Login using keyadmin user. Also share screenshots of your configuration.

avatar
Expert Contributor

Hi @Rahul Pathak

I tried restarting all Ranger services but it didn't change the status.

I attached my configuration.

kms-repo-conf.png

ranger-users.png

ranger-permission.png

avatar
Expert Contributor

I solved this issue by change username to keyadmin@REALM.COM from Ranger KMS repository config UI directly.

Configuring this in Ambari Ranger KMS UI and restarting Ranger and Ranger KMS services didn't apply to the actual KMS repository config property.

avatar
Super Collaborator

@yjiang

Hi, I am having this issue, can you please describe where you changed the username. I have put it in the Ranger-kms / Config / Advanced-kms-properties as keyadmin@REALM.COM

But it is not working, and same error persists.

Thanks for your help.

Avijeet

avatar
Explorer

Hey I am getting error while adding new key to ranger kms web UI..it is saying HTTP STATUS 401-UNAUTHORIZED

 

avatar
Community Manager

@vi1, as this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post.



Regards,

Vidya Sargur,
Community Manager


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community: