Support Questions
Find answers, ask questions, and share your expertise

Cloudera asks for Kerberos TGT ticket every 30 seconds

Highlighted

Cloudera asks for Kerberos TGT ticket every 30 seconds

New Contributor

We have Cloudera 7.0.3 cluster, with Kerberos enabled, Ranger, and FreeIPA as KDC.
OS RHEL 7.8 on all hosts in cluster.
On a FreeIpa host, in krb5kdc.log, one can see TGS_REQ request like this every 30 seconds:

Jun 29 18:49:32 "freeIPA_host" krb5kdc[45414](info): TGS_REQ (1 etypes {18}) "freeIPA_ip": ISSUE: authtime 1593445168, etypes {rep=18 tkt=18 ses=18}, hdfs/some.host@SOMED.DOMAIN for HTTP/some.host@SOMED.DOMAIN

After reading this article: https://blog.cloudera.com/hadoop-delegation-tokens-explained/
dfs.namenode.delegation.token.renew-interval and fs.namenode.delegation.token.max-lifetime params were added to both KMS and HDFS NameNode configs, to no avail.


After reading this question: How do you set the Kerberos ticket lifetime from Java?

Newer version of Java were installed on all machines in the cluster.
https://bugs.openjdk.java.net/browse/JDK-8044500

New jdk was also explicitly set in the Cloudera Manager as JAVA_HOME, but again, the problem is still there.

 

What could be the cause of this problem and how can it be fixed?