When accessing a web-based user interface that requires Kerberos authentication, you will need to ensure that your web browser is properly configured to send a Kerberos token.
On the client machine, you will need to make sure a Kerberos identity has been established. This may be done using different mechanisms depending on the OS being used. For example, on a Linux host, you might use kinit. Then, the web browser needs to be configured properly. Instructions on doing this are dependent on the type of web browser and OS. I usually refer to https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Ker... to help with this. Or maybe do an internet search for your particular web browser and operating system.
If you have done this, then maybe there is an issue with the Kerberos identity. If the principal belongs to a different realm from what is configured for the cluster, a cross-realm trust relationship must be established so that the cluster's realm will trust the tokens coming from the alternate KDC. Establishing the trust relationship can be done by following steps outlined in the HCC article titled One Way Trust - MIT KDC to Active Directory.
If you are seeing a specific error, posting that may help debug the issue. Possibly take a look at the Storm UI logs to see if there are any interesting messages there. It may be necessary to turn on Kerberos debugging to get more information as well. This can be done by setting the Java system property `sun.security.krb5.debug` to true. For example
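Separately from the debug setting, the realm mismatch described in this answer can be checked on the client before looking at trust configuration. This is an added example, not part of the original post: the realm names and the sample MIT `klist` output are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the cached Kerberos identity against the realm the
# cluster is configured for. Realm names and sample output are constructed.

# Constructed sample of MIT `klist` output (not captured from a real host).
SAMPLE_KLIST='Ticket cache: FILE:/tmp/krb5cc_1000
Default principal: alice@CORP.EXAMPLE.COM

Valid starting       Expires              Service principal
01/01/2024 09:00:00  01/01/2024 19:00:00  krbtgt/CORP.EXAMPLE.COM@CORP.EXAMPLE.COM'

# Read `klist` output on stdin and print the default principal, if any.
principal_from_klist() {
    sed -n 's/^Default principal:[[:space:]]*//p' | head -n 1
}

# Print the realm of a principal: everything after the last '@'.
# Fails when the principal carries no realm component.
realm_of() {
    case "$1" in
        *@*) printf '%s\n' "${1##*@}" ;;
        *)   return 1 ;;
    esac
}

# check_realm EXPECTED_REALM   (klist output on stdin)
# Prints one of:
#   no-ticket            no identity established; run kinit first
#   match                principal is in the cluster's realm
#   cross-realm:<REALM>  principal is in another realm; the cluster's realm
#                        must trust that realm's KDC
check_realm() {
    expected=$1
    princ=$(principal_from_klist)
    if [ -z "$princ" ]; then
        echo "no-ticket"
        return 0
    fi
    realm=$(realm_of "$princ") || { echo "no-ticket"; return 0; }
    if [ "$realm" = "$expected" ]; then
        echo "match"
    else
        echo "cross-realm:$realm"
    fi
}

# Demonstration on the constructed sample; on a real client, pipe `klist` in.
printf '%s\n' "$SAMPLE_KLIST" | check_realm CLUSTER.EXAMPLE.COM
```

On a real client, replace the sample with `klist | check_realm YOUR.CLUSTER.REALM`; a `cross-realm:` result points at the trust relationship rather than the browser configuration.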