
Issue during kerberos deployment



I tried to integrate Kerberos into my existing Cloudera test environment and stumbled upon some errors.


CDH 5.12.1 is in use.


My problem occurs during Kudu startup and I am pretty sure it's somehow related to the FQDN. I get the following error during start:

Bad status: Runtime error: unable to kinit: unable to login from keytab: Keytab contains no suitable keys for kudu/[hostname.DOMAIN.XX]@[AD-Domain]

 For that reason I checked the keytab file and see the following:


# klist -kte /run/cloudera-scm-agent/process/2121-kudu-KUDU_MASTER/kudu.keytab
Keytab name: FILE:/run/cloudera-scm-agent/process/2121-kudu-KUDU_MASTER/kudu.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
1 10/13/2017 08:57:10 kudu/[hostname]@[AD-Domain] (arcfour-hmac)



I guess the issue comes from different principal names. I have "kudu/[hostname]@[AD-Domain]" in the keytab while the service searches for "kudu/[hostname.DOMAIN.XX]@[AD-Domain]" during startup.


Unfortunately I have no idea how to fix this issue. Maybe one of you can give me a hint?


Thank you for your support!



Re: Issue during kerberos deployment

Kerberos service principals have three parts: the service name, the hostname, and the domain name. The hostname must be in the form of a fully qualified domain name. That is why the service is looking for it in that format while the keytab does not contain an entry for that principal. Recreate the keytab file with the principal in the correct format and you should be good.
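The mismatch discussed in this thread can be checked mechanically. The following is an added example, not part of the original posts: it parses `klist -kte` output and reports whether the keytab holds the FQDN principal the service requests or only the short-hostname form. The host name, domain, realm and sample output are constructed placeholders, and the function names are hypothetical.

```python
import re

# One data row of `klist -kte`: KVNO, date, time, principal, (enctype).
# Assumes the two-token timestamp shown in the question's output.
ROW = re.compile(r"^\s*(\d+)\s+\S+\s+\S+\s+(\S+)\s+\((.+)\)\s*$")

# Constructed sample output; host, domain and realm are placeholders.
SAMPLE_KLIST = """\
Keytab name: FILE:/tmp/kudu.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   1 10/13/2017 08:57:10 kudu/node1@AD.EXAMPLE.COM (arcfour-hmac)
"""

def parse_klist(text):
    """Return [(kvno, principal, enctype)] for each keytab entry."""
    return [(int(m.group(1)), m.group(2), m.group(3))
            for m in map(ROW.match, text.splitlines()) if m]

def split_principal(principal):
    """Split service/host@REALM into (service, host, realm)."""
    name, sep, realm = principal.rpartition("@")
    if not sep:  # no realm part present
        name, realm = principal, ""
    service, _, host = name.partition("/")
    return service, host, realm

def diagnose(klist_text, service, fqdn, realm):
    """Compare keytab entries with the principal the service requests.

    Returns (status, wanted, candidates). status is "ok", "short-hostname"
    (same service and realm, but the host part is only the first label of
    the FQDN) or "missing".
    """
    wanted = f"{service}/{fqdn}@{realm}"
    principals = [p for _, p, _ in parse_klist(klist_text)]
    if wanted in principals:
        return "ok", wanted, [wanted]
    short = fqdn.split(".")[0].lower()
    near = []
    for p in principals:
        s, h, r = split_principal(p)
        if s == service and r == realm and h.lower() == short:
            near.append(p)
    return ("short-hostname" if near else "missing"), wanted, near

if __name__ == "__main__":
    status, wanted, found = diagnose(
        SAMPLE_KLIST, "kudu", "node1.example.com", "AD.EXAMPLE.COM")
    print(f"{status}: service wants {wanted}, keytab has {found}")
```

On a real host, pass the text printed by `klist -kte <keytab>` as the first argument; a `short-hostname` result corresponds to the situation in the question.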