Support Questions

VidyaSargur · ‎10-15-2019

Hi All,

We have HDInsight deployed with Enterprise Service Package enabled e.g. kerberized cluster.

User is able to connect to the hive over kerberos from the Azure VM machine that's on same domain.

Problem is, we have bunch of users which are not on trusted domain (azure domain vs on-prem domain). This cause problem because the user always hit with error:

[Hortonworks][Support] (50360) Integrated security authentication failed. (Routine Error:
Unspecified GSS failure. Minor code may provide more information
Mechanism Info:
Cannot contact any KDC for realm 'SOMETHING.ONMICROSOFT.COM'
Major: 851968 Minor: 2529639068)

I have setup my on-prem machine the KRB5_CONFIG and KRB5CCNAME on Environment Variable, and point to copy of files from Azure VM.

Is there a way we can logon to the kerberized cluster using domain username and password instead kerberos?

Shelton · ‎10-15-2019

@Fsetiawan

You can crate the keytabs for these user on the KDC and send it to them but they MUST have locally the copy of the krb5.conf and correct permissions on those keytabs.

The other solution is to create a trust between the 2 domains.

HTH

Fsetiawan · ‎10-16-2019

thanks @Shelton for the suggestion I will try to create the keytab for the users, how can I use it in ODBC setup box?

Also I'm still interested with original question, can we use domain account & password for authentication on kerberized cluster.

Support Questions

kerberized hive logon via username & password