Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Kerberos Error

Highlighted

Kerberos Error

Contributor

Hello All,

 

When I login to our Name Node, terminal window and run klist I get the below details,

 

[my_id@MYHOSTNAME ~]$ klist
Ticket cache: KEYRING:persistent:309057:krb_ccache_0yNoeTe
Default principal: MY_ID@MY DOMAIN.COM

Valid starting Expires Service principal
02/21/2019 18:31:50 02/22/2019 04:31:50 krbtgt/MY DOMAIN.COM
renew until 02/28/2019 18:31:50

 

When I sudo -su hdfs I see that I am on hdfs as I get : "hdfs@Hostname My_ID" as soon as I try to run anyhdfs commands e.g. - hdfs dfsadmin -report, I get a long error, below is a part of it:

 

Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)
at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147)
at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:122)
at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187)
at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:224)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212)
at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
... 41 more
ls: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSExcep tion: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "MY_HOSTNAME.MY DOMAIN.com/IP ADDRESS"; destination host is: " MY_HOSTNAME.MY DOMAIN.com":8021;

 

 

Kindly suggest how do I fix this, kinda newbie with kerberos.

 

 

Regards

Wert

1 REPLY 1

Re: Kerberos Error

Expert Contributor

Hello @wert_1311,

 

Your tgt doesn't have appropriate permission. If you are using krb for authentication then you need to use appropriate keytab to have right tgt.

 

Hope that helps.

Don't have an account?
Coming from Hortonworks? Activate your account here