Support Questions

Find answers, ask questions, and share your expertise

kerberos spnego authentication not working for ambari hadoop server rest api url


I have a hadoop server which namenode, datanode , YARN component etc are spnego kerberized and when we hit their url's on web we get as below -

url - http://host:50070/jmx?qry=Hadoop:*
here 50070 is namenode port output :


Problem accessing /index.html. Reason:

    GSSException: Defective token detected (Mechanism level: GSSHeader did not 

above response on web indicates that url is kerberized.



I tried to enable spnego kerberos for ambari with using command "ambari-server setup-security" and completed kerberos configuration.

but when hit the url of ambari services rest api then getting proper output -


url - http://host:8080/api/v1/clusters/cluster_name/services/HDFS


I could see the proper output for above url on web . why both url's output is not same , it should be same if enabled kerberos .


please help and thanks in advance!!!




Can you share the 2 contents so we can help with the analysis?




Enabling kerberos we have to set properties as below to HDFS,YARN etc etc .    kerberos      true

hadoop.http.authentication.simple.anonymous.allowed   false


after configuring kerberos properly then when we hit the url of any component of hadoop server on browser then will get  HTTP ERROR 403 .


REST api url pattern -



but when we hit the same service rest api url on browser then we could see the response on browser details are as below -


"href" : "http://host:8080/api/v1/clusters/cluster_name/services/HDFS",
"ServiceInfo" : {
"cluster_name" : "<cluster_name>",
"maintenance_state" : "OFF",
"service_name" : "HDFS",
"state" : "STARTED"
"alerts_summary" : {
"OK" : 26,
"UNKNOWN" : 1,
"alerts" : [





but response should not  be display on browser if url is kerberized and we should get http error 403 .



so here we want to kerberize rest api url .

please help for same.


Did you enable your Ambari manually  because those parameters you are referring to are set automatically when enabling through Ambari else if you did it manually as I suspect you need to perform the steps mentioned  Set Up Kerberos for Ambari Server


Please revert 




I have already executed steps that you have provided in the link but still ambari services rest api url is not kerberized .


is there any other configuration required ? or

ambari services rest api url do not support kerberos authentication ?