- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Float this Question for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Kerberos encryption type is not one of the expected values
- Labels:
-
Cloudera Manager
-
Kerberos
Created ‎03-08-2021 06:03 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi all.
I'm facing a CM configuration error I can't understand.
I've kerberized a Cloudera 5.16 cluster which authenticates against an AD/DC controller.
I've set aes256-cts and aes256-cts-hmac-sha1-96 encryption types.
CM reports a configuration issue:
I've a separate cluster, configured with the same values and authenticating to the same AD/DC controller, that have no errors.
I'm struggling on that error but can't solve.
Any idea?
Created ‎04-09-2021 01:34 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@svasi @jackass Just to close the loop. Yes Cloudera Manager will not recognize "AES" as a valid encryption type. These encryption types must match the permitted e-types listed in the /etc/krb5.conf file. We technically support what ever Kerberos supports, however the field validation only checks for cipher short names in this release. As such, if all is working well, you can safely ignore this alert.
Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Created ‎03-09-2021 11:26 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@svasi Are you getting the same error when providing one value in on box, I guess you should try that and see if this works. There might be some weird issue, try to restart CM server.
Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Created ‎03-10-2021 12:44 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@svasi
Can you check and share your pseudonymized /etc/krb5.conf?
Created ‎04-08-2021 11:36 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Nothing changes
It seems to be a known bug on that CDH release
Had the opportunity to open a SR through my customer's account and support
answered that the message can be dismissed
Thanks for your answers
Created ‎04-09-2021 01:34 AM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@svasi @jackass Just to close the loop. Yes Cloudera Manager will not recognize "AES" as a valid encryption type. These encryption types must match the permitted e-types listed in the /etc/krb5.conf file. We technically support what ever Kerberos supports, however the field validation only checks for cipher short names in this release. As such, if all is working well, you can safely ignore this alert.
Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
