HDP 2.3.4, Ambari 2.1.2, Keberos in place
Centrify integration is in place.
We are using Open JDK Java 1.8.0_65.
Error while accessing webhcat
HTTP ERROR: 403
Problem accessing /templeton/v1/status. Reason:
GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
Powered by Jetty://
Looks like a conflict in http protocol between Centrify and Kerberos. Check to see if /etc/centrifydc/centrifydc.conf config file has this property adclient.krb5.service.principals and that the value don't have http and nfs. If http is there, SPNEGO won't work. The latter, nfs, will cause issues with DNs and won't start properly but this is a different issue. Check to see as well if the encryption algorithms in KDC matches what is being allowed in AD/Centrify.
I am facing the same issue on HDP 2.4. (not with Centrify) . What is the proposed solution for this?
type Status report
message GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
description Access to the specified resource has been forbidden.
@Neeraj Sabharwal ..i am also getting same error.. can you please tell what was resolution?
java version "1.7.0_121" OpenJDK Runtime Environment (rhel-184.108.40.206.el6_8-x86_64 u121-b00) OpenJDK 64-Bit Server VM (build 24.121-b00, mixed mode)