Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

Kerberos encryption type is not one of the expected values

Labels:
avatar
author-rank svasi
Explorer

Created ‎03-08-2021 06:03 AM

Hi all.

I'm facing a CM configuration error I can't understand.

I've kerberized a Cloudera 5.16 cluster which authenticates against an AD/DC controller.

I've set aes256-cts and aes256-cts-hmac-sha1-96 encryption types.

CM reports a configuration issue:

thumbnail_image001.jpg

I've a separate cluster, configured with the same values and authenticating to the same AD/DC controller, that have no errors.

 

I'm struggling on that error but can't solve.

 

Any idea?

 

 

2,375 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank GangWar author-rank
Master Guru

Created ‎04-09-2021 01:34 AM

@svasi @jackass  Just to close the loop. Yes Cloudera Manager will not recognize "AES" as a valid encryption type. These encryption types must match the permitted e-types listed in the /etc/krb5.conf file. We technically support what ever Kerberos supports, however the field validation only checks for cipher short names in this release. As such, if all is working well, you can safely ignore this alert.


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

View solution in original post

2,272 Views
4 REPLIES 4

avatar
author-rank GangWar author-rank
Master Guru

Created ‎03-09-2021 11:26 PM

@svasi Are you getting the same error when providing one value in on box, I guess you should try that and see if this works. There might be some weird issue, try to restart CM server. 


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,348 Views
0 Kudos

avatar
author-rank jackass
Explorer

Created ‎03-10-2021 12:44 PM

@svasi 
Can you check and share your pseudonymized   /etc/krb5.conf?

2,331 Views
0 Kudos

avatar
author-rank svasi
Explorer

Created ‎04-08-2021 11:36 PM

I've tried to set a value at a time and restart CM.
Nothing changes

It seems to be a known bug on that CDH release
Had the opportunity to open a SR through my customer's account and support
answered that the message can be dismissed

Thanks for your answers
2,282 Views
0 Kudos

avatar
author-rank GangWar author-rank
Master Guru

Created ‎04-09-2021 01:34 AM

@svasi @jackass  Just to close the loop. Yes Cloudera Manager will not recognize "AES" as a valid encryption type. These encryption types must match the permitted e-types listed in the /etc/krb5.conf file. We technically support what ever Kerberos supports, however the field validation only checks for cipher short names in this release. As such, if all is working well, you can safely ignore this alert.


Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
2,273 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements