Support Questions
Find answers, ask questions, and share your expertise

When kerbros is enabled not able to connect to remote Filesystem with out keytab, always getting error saying "failure to login using ticket cache file"

New Contributor
 
5 REPLIES 5

@peter jaink Whats the output of klist?

As soon as you have Keberos enabled, you need to have a valid Kerberos ticket before you can access the HDFS.

Check if you have a valid ticket:

klist

Get a ticket (w/o keytab):

kinit myuser@MYREALM.COM

Get a ticket (with keytab):

kinit -kt <path to keytab> <keytab principal/user>@MYREALM.COM

If you are still getting a ticket cache error, try to destroy the old ticket (kdestroy) and remove the ticket cache file /tmp/krb5cc_<user id>

This might also be helpful: https://community.hortonworks.com/content/kbentry/...

New Contributor

Hi jonas, thanks for answering my question, i did klist it shows me proper ticket , because i am able to run all the hadoop commands , but when i try to login through my code which is connecting remotely to hadoop filesystem using the same ticket , it is giving me this error.

here's the snippet I use to force a login fast:

  public static void forceLogin() throws IOException {
    if (UserGroupInformation.isSecurityEnabled()) {
      if (UserGroupInformation.isLoginKeytabBased()) {
        UserGroupInformation.getLoginUser().reloginFromKeytab();
      } else {
        UserGroupInformation.getLoginUser().reloginFromTicketCache();
      }
    }
  }

There's some options to turn up kerberos debug output —look in kerberos & hadoop: secrets

Mentor

@peter jaink has this been resolved? Please accept best answer or provide your own solution.