If one does not have rc4-hmac in the Kerberos Encryption Types list, HDFS does not start.
The following exception is found in the datanode log file:
KrbException: No supported encryption types listed in default_tkt_enctypes
Adding rc4-hmac to the list of Kerberos Encryption Types, followed by Deploy Client Configuration and Deploy Kerberos Client Configuration, allows the cluster to start successfully.
The relevant page http://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s4_kerb_wizard.html in the manual does not say that rc4-hmac MUST be included in Kerberos Encryption Types; it just says:
Make sure the entries for the Kerberos Encryption Types field matches what your KDC supports.
Am I missing something here, or is it working as designed?
Cloudera Manager and CDH do not enforce using rc4-hmac.
What did your krb5.conf file look like before you added rc4-hmac? What encryption algorithms does your KDC support?
If you were attempting to use AES256, make sure you have the unlimited JCE Policy files distributed in the JDK that is used for Hadoop Services.
For documentation on that:
AES256 was the only algorithm listed in krb5.conf at the time. All components besides HDFS were operating on AES256 as far as I recall, only HDFS complained. And yes, unlimited JCE Policy files were used.
What was the exact configuration you had in /etc/krb5.conf? I'm wondering if there may have been a typo in the encryption.
Make sure you had:
I tested and reproduced with a bogus encryption algorithm.
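A way to check a krb5.conf for the typo case raised in the last reply, as an added example that is not part of the original thread or Cloudera's code. It flags any enctype setting in [libdefaults] that has no recognised name left, which is the condition the exception message describes. The name list is an assumption taken from the MIT krb5 documentation (a given JDK may accept fewer), and the sample file and realm are constructed.

```python
import re

# Enctype names and aliases per the MIT krb5 documentation (assumed list;
# the JDK running Hadoop may accept only a subset of these).
KNOWN_ENCTYPES = {
    "aes256-cts-hmac-sha1-96", "aes256-cts", "aes256-sha1",
    "aes128-cts-hmac-sha1-96", "aes128-cts", "aes128-sha1",
    "aes256-cts-hmac-sha384-192", "aes256-sha2",
    "aes128-cts-hmac-sha256-128", "aes128-sha2",
    "arcfour-hmac", "rc4-hmac", "arcfour-hmac-md5",
    "des3-cbc-sha1", "des3-hmac-sha1", "des3-cbc-sha1-kd",
    "camellia256-cts-cmac", "camellia128-cts-cmac",
}
ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")

def check_enctypes(krb5_conf_text):
    """Return {key: {"known": [...], "unknown": [...]}} for [libdefaults]."""
    report, section = {}, None
    for raw in krb5_conf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            names = [n.lower() for n in re.split(r"[\s,]+", value) if n]
            report[key] = {
                "known": [n for n in names if n in KNOWN_ENCTYPES],
                "unknown": [n for n in names if n not in KNOWN_ENCTYPES],
            }
    return report

def unusable_keys(report):
    """Settings in which no recognised enctype name remains."""
    return sorted(k for k, v in report.items() if not v["known"])

# Constructed sample: one misspelled name (sha1-69 instead of sha1-96).
SAMPLE = """
[libdefaults]
  default_realm = EXAMPLE.COM
  default_tkt_enctypes = aes256-cts-hmac-sha1-69
  default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac
"""
if __name__ == "__main__":
    print(unusable_keys(check_enctypes(SAMPLE)))
```

A name that passes this check can still be dropped at runtime if the JVM cannot use it, for example AES256 without the unlimited JCE policy files mentioned earlier in the thread.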