Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Import KDC Account Manager Credentials Failed

Import KDC Account Manager Credentials Failed

Explorer

While importing the KDC account manager credentials, I got the error below.

/usr/share/cmf/bin/import_credentials.sh failed with exit code 1 and output of <<
+ export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
+ PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
+ KEYTAB_OUT=/tmp/cmf406007964973132738.keytab
+ USER=cloudera-scm/admin@ATHENA.MIT.EDU
+ PASSWD=REDACTED
+ KVNO=1
+ SLEEP=0
+ RHEL_FILE=/etc/redhat-release
+ '[' -f /etc/redhat-release ']'
+ '[' -z /etc/krb5.conf ']'
+ echo 'Using custom config path '\''/etc/krb5.conf'\'', contents below:'
+ cat /etc/krb5.conf
+ IFS=' '
+ read -a ENC_ARR
+ ktutil
+ for ENC in '"${ENC_ARR[@]}"'
+ echo 'addent -password -p cloudera-scm/admin@ATHENA.MIT.EDU -k 1 -e rc4-hmac'
+ '[' 0 -eq 1 ']'
+ echo REDACTED
+ echo 'wkt /tmp/cmf406007964973132738.keytab'
+ chmod 600 /tmp/cmf406007964973132738.keytab
+ kinit -k -t /tmp/cmf406007964973132738.keytab cloudera-scm/admin@ATHENA.MIT.EDU
kinit: Cannot contact any KDC for realm 'ATHENA.MIT.EDU' while getting initial credentials

kdc.conf

[kdcdefaults]

  kdc_ports = 88
  kdc_tcp_ports = 88


[realms]

        ATHENA.MIT.EDU = {

        max_renewable_life = 7d 0h 0m 0s
        master_key_type = aes256-cts
        database_name = /var/krb5kdc/principal
        key_stash_file = /var/krb5kdc/.k5.ATHENA.MIT.EDU
        acl_file = /var/krb5kdc/kadm5.acl
        dict_file = /usr/share/dict/words
        supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal
        default_principal_flags = +renewable, +forwardable
    }

krb5.conf

[libdefaults]
    default_realm = ATHENA.MIT.EDU
    dns_lookup_kdc = false
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true

[realms]
    ATHENA.MIT.EDU = {
        kdc = vincent.mit.edu:88
        admin_server = vincent.mit.edu:749
        master_kdc = vincent.mit.edu:88
    }
   
[domain_realm]

     mit.edu = ATHENA.MIT.EDU
    .mit.edu = ATHENA.MIT.EDU

[logging]
    default = CONSOLE
    admin_server = FILE:/var/krb5kdc/adlog
    kdc = FILE:/var/krb5kdc/kdclog

kadm5.acl

*/admin@ATHENA.MIT.EDU  *

 

 

Also, I did run 

kinit cloudera-scm/admin@ATHENA.MIT.EDU

 in my console, and it is totally fine. Can anyone give me some insights in solving this issue please?

3 REPLIES 3

Re: Import KDC Account Manager Credentials Failed

Super Collaborator

 

 

What version CM/CDH are you over, looks like 5.8?


What JDK/OS is this over?


What version of MIT KRB5 server KDC are we configuring against here?

 

when you look at the CM principal entry that is on the KDC, what enctypes is the user populated with?  

 

kinit cloudera-scm/admin@ATHENA.MIT.EDU

kadmin -r ATHENA.MIT.EDU -q "getprinc cloudera-scm/admin@ATHENA.MIT.EDU"

 

Thanks.

 

 

Re: Import KDC Account Manager Credentials Failed

Master Guru
In addition to Grizzly's comments, can you also confirm that there exists a krb5.conf with your shown content on the CM Server host at the path /etc/krb5.conf?

Re: Import KDC Account Manager Credentials Failed

New Contributor

Did you fix this issue ?  

 

We are seeing the same:

/usr/share/cmf/bin/import_credentials.sh failed with exit code 1 and output of << 

...
...
kinit: Preauthentication failed while getting initial credentials