Import KDC Account Manager Credentials Failed

While importing the KDC account manager credentials, I got the error below.

/usr/share/cmf/bin/ failed with exit code 1 and output of <<
+ export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
+ PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
+ KEYTAB_OUT=/tmp/cmf406007964973132738.keytab
+ USER=cloudera-scm/admin@ATHENA.MIT.EDU
+ KVNO=1
+ RHEL_FILE=/etc/redhat-release
+ '[' -f /etc/redhat-release ']'
+ '[' -z /etc/krb5.conf ']'
+ echo 'Using custom config path '\''/etc/krb5.conf'\'', contents below:'
+ cat /etc/krb5.conf
+ IFS=' '
+ read -a ENC_ARR
+ ktutil
+ for ENC in '"${ENC_ARR[@]}"'
+ echo 'addent -password -p cloudera-scm/admin@ATHENA.MIT.EDU -k 1 -e rc4-hmac'
+ '[' 0 -eq 1 ']'
+ echo 'wkt /tmp/cmf406007964973132738.keytab'
+ chmod 600 /tmp/cmf406007964973132738.keytab
+ kinit -k -t /tmp/cmf406007964973132738.keytab cloudera-scm/admin@ATHENA.MIT.EDU
kinit: Cannot contact any KDC for realm 'ATHENA.MIT.EDU' while getting initial credentials



  kdc_ports = 88
  kdc_tcp_ports = 88


        ATHENA.MIT.EDU = {

        max_renewable_life = 7d 0h 0m 0s
        master_key_type = aes256-cts
        database_name = /var/krb5kdc/principal
        key_stash_file = /var/krb5kdc/.k5.ATHENA.MIT.EDU
        acl_file = /var/krb5kdc/kadm5.acl
        dict_file = /usr/share/dict/words
        supported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal
        default_principal_flags = +renewable, +forwardable


    default_realm = ATHENA.MIT.EDU
    dns_lookup_kdc = false
    dns_lookup_realm = false
    ticket_lifetime = 24h
    renew_lifetime = 7d
    forwardable = true

        kdc =
        admin_server =
        master_kdc =
[domain_realm] = ATHENA.MIT.EDU = ATHENA.MIT.EDU

    default = CONSOLE
    admin_server = FILE:/var/krb5kdc/adlog
    kdc = FILE:/var/krb5kdc/kdclog


*/admin@ATHENA.MIT.EDU  *



Also, I did run 

kinit cloudera-scm/admin@ATHENA.MIT.EDU

 in my console, and it is totally fine. Can anyone give me some insights in solving this issue please?


Re: Import KDC Account Manager Credentials Failed

Super Collaborator



What version CM/CDH are you over, looks like 5.8?

What JDK/OS is this over?

What version of MIT KRB5 server KDC are we configuring against here?


when you look at the CM principal entry that is on the KDC, what enctypes is the user populated with?  


kinit cloudera-scm/admin@ATHENA.MIT.EDU

kadmin -r ATHENA.MIT.EDU -q "getprinc cloudera-scm/admin@ATHENA.MIT.EDU"





Re: Import KDC Account Manager Credentials Failed

Master Guru
In addition to Grizzly's comments, can you also confirm that there exists a krb5.conf with your shown content on the CM Server host at the path /etc/krb5.conf?

Re: Import KDC Account Manager Credentials Failed

New Contributor

Did you fix this issue ?  


We are seeing the same:

/usr/share/cmf/bin/ failed with exit code 1 and output of << 

kinit: Preauthentication failed while getting initial credentials