Support Questions

Find answers, ask questions, and share your expertise

Kerberos configuration failed

Contributor

I just installed trial version of CDP Data Center on my CentOS7 virtual machine; I was able to connect to the cloudera manager and the first thing that was asked of me was to install a working KDC and I chose to install MIT KDC. After the installation i proceed the configuration of Kerberos and at the end i received the following error: kinit: KDC has no support for encryption type while getting initial credentials.

 

This is the complete error message:


/opt/cloudera/cm/bin/import_credentials.sh failed with exit code 1 and output of <<
+ export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
+ PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/usr/lib/mit/bin:/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin
+ KEYTAB_OUT=/var/run/cloudera-scm-server/cmf4648265406807175091.keytab
+ USER=USERNAME-REDACTED
+ passwd=BUNDLE-REDACTED KVNO=1
+ SLEEP=0
+ RHEL_FILE=/etc/redhat-release
+ '[' -f /etc/redhat-release ']'
+ set +e
+ grep Tikanga /etc/redhat-release
+ '[' 1 -eq 0 ']'
+ '[' 0 -eq 0 ']'
+ grep 'CentOS release 5' /etc/redhat-release
+ '[' 1 -eq 0 ']'
+ '[' 0 -eq 0 ']'
+ grep 'Scientific Linux release 5' /etc/redhat-release
+ '[' 1 -eq 0 ']'
+ set -e
+ '[' -z /var/run/cloudera-scm-server/krb53377829653236465405.conf ']'
+ echo 'Using custom config path '\''/var/run/cloudera-scm-server/krb53377829653236465405.conf'\'', contents below:'
+ cat /var/run/cloudera-scm-server/krb53377829653236465405.conf
+ IFS=' '
+ read -a ENC_ARR
+ ktutil
+ for ENC in '"${ENC_ARR[@]}"'
+ echo 'addent -password -p USERNAME-REDACTED -k 1 -e rc4-hmac'
+ '[' 0 -eq 1 ']'
+ echo PASSWORD-REDACTED
+ echo 'wkt /var/run/cloudera-scm-server/cmf4648265406807175091.keytab'
+ chmod 600 /var/run/cloudera-scm-server/cmf4648265406807175091.keytab
+ kinit -k -t /var/run/cloudera-scm-server/cmf4648265406807175091.keytab USERNAME-REDACTED
kinit: KDC has no support for encryption type while getting initial credentials

 

Any ideas what I should try?

1 REPLY 1

Moderator

Hello @emeric ,


the "kinit: KDC has no support for encryption type while getting initial credentials" usually occurs after configuring encryption types that do not match the ones present in the tgt principal (such as krbtgt/CLOUDERA@CLOUDERA) in the KDC. This can also happen while starting a service where the enctypes in the krbtgt principal do not match those used in service keytab.

 

From an earlier Community post: Please compare the Kerberos server and client configurations and reconfigure krb5.conf on all your nodes to explicitly use the supported encryption type.

 

The documentation describes:

"Kerberos client OS-specific packages must be installed on all cluster hosts and client hosts that will authenticate using Kerberos."

 

Wondering if some missing packages might be the issue?

 

Kind regards:

Ferenc


Ferenc Erdelyi, Technical Solutions Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:

Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.