Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

where does "cloudera-scm@DOMAIN ... client not found in Kerberos database" come from?

Highlighted

where does "cloudera-scm@DOMAIN ... client not found in Kerberos database" come from?

Guru

Hi,

 

today I detected in the KDC log file entries like this:

""

Feb 27 11:48:11 hadoop-pg-1 krb5kdc[25831](info): AS_REQ (6 etypes {18 17 16 23 1 3}) 10.147.210.2: CLIENT_NOT_FOUND: cloudera-scm@HADOOP-PG for krbtgt/HADOOP-PG@HADOOP-PG, Client not found in Kerberos database
Feb 27 11:48:21 hadoop-pg-1 krb5kdc[25831](info): AS_REQ (6 etypes {18 17 16 23 1 3}) 10.147.210.2: CLIENT_NOT_FOUND: cloudera-scm@HADOOP-PG for krbtgt/HADOOP-PG@HADOOP-PG, Client not found in Kerberos database
Feb 27 11:48:31 hadoop-pg-1 krb5kdc[25831](info): AS_REQ (6 etypes {18 17 16 23 1 3}) 10.147.210.2: CLIENT_NOT_FOUND: cloudera-scm@HADOOP-PG for krbtgt/HADOOP-PG@HADOOP-PG, Client not found in Kerberos database

""

 

Yes, for sure, that client doesn't exist. The correction principal is called "cloudera-scm/admin@HADOOP-PG", created regarding the Cloudera-documentation for enabling security (step 4).

 

Who, or better which service, is trying to authenticate as "cloudera-scm@". I never configured that principal anywhere ?!?!

Don't have an account?
Coming from Hortonworks? Activate your account here