Member since
06-21-2016
25
Posts
0
Kudos Received
1
Solution
My Accepted Solutions
Title | Views | Posted |
---|---|---|
21534 | 03-27-2019 08:07 AM |
03-27-2019
08:07 AM
Hi community, I've fixed the issue by adding bellow Kerberos host principal to file /etc/krb5.keytab: host/fqdn_hostname@REALM. The one that was previously set did not my match my environment configuration: host/UNKNOWN_DOMAIN@UNKNOWN_REALM
... View more
03-12-2019
04:01 PM
Hi guys, I found an environment where ksu works. My issue seems to be related to some sssd configuration but still did not ended to solve this issue. Does it remind you of something regarding sssd configuration ? Thank you.
... View more
02-21-2019
08:27 AM
Thanks for your reply but still getting the issue with your settings.
... View more
02-20-2019
05:16 PM
Can you please be more precise on how to change that file ?
... View more
02-20-2019
05:16 PM
Here is my krb5.conf - for security purposes, I do not provide my environment real values but be sure that it matches EXAMPLE.COM and UNKNOWN_DOMAIN. includedir /etc/krb5.conf.d/ includedir /var/lib/sss/pubconf/krb5.include.d/ [libdefaults] default_realm = EXAMPLE.COM dns_lookup_realm = true dns_lookup_kdc = true rdns = false ticket_lifetime = 24h renew_lifetime = 7d forwardable = true udp_preference_limit = 0 default_ccache_name = /tmp/krb5cc_%{uid} [logging] default = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log kdc = FILE:/var/log/krb5kdc.log [realms] UNKNOWN_DOMAIN = { pkinit_anchors = FILE:/etc/ipa/ca.crt } EXAMPLE.COM = { admin_server = myadmin.server.com kdc = myadmin.server.com } [domain_realm] .unknown_domain = UNKNOWN_DOMAIN unknown_domain = UNKNOWN_DOMAIN
... View more
02-20-2019
05:16 PM
Hi community, I am studying ksu for some use cases and found this link: https://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-user/ksu.html I have a user1 with KDC entry and keytab. Just before running ksu, I kinit user1 to get Kerberos ticket: [user1@server1 ~]$ klist Ticket cache: FILE:/tmp/krb5cc_1003293697 Default principal: user1@EXAMPLE.COM Valid starting Expires Service principal 02/18/2019 09:13:12 02/19/2019 09:13:12 krbtgt/EXAMPLE.COM@EXAMPLE.COM Then, I want user1 to ksu user2. For this to work, I have created a .k5login file on user2 home directory with user1@EXAMPLE.COM on its content. Than, I launch ksu with user1 but found this issue: [user1@server1 ~]$ ksu user2 ksu: Server not found in Kerberos database while verifying ticket for server Authentication failed. Looking for an error on /var/log/krb5kdc.log, I found that one: UNKNOWN_SERVER: authtime 0, user1@EXAMPLE.COM for krbtgt/UNKNOWN_DOMAIN@EXAMPLE.COM, Server not found in Kerberos database As the error states, service principal name krbtgt/UNKNOWN_DOMAIN@EXAMPLE.COM is unknown to KDC database, which is right. The problem is I expected the SPN to be krbtgt/EXAMPLE.COM@EXAMPLE.COM, just like what I can see on my user1 klist. As I don't really know how to fix this, does someone have an idea on this, please ? On different website and forums, it talks about FQDN, reverse DNS and some /etc/hosts and /etc/resolv.conf configurations but none solved my issue. Thank you on advance for your help.
... View more
Labels:
- Labels:
-
Apache Hadoop
06-15-2018
02:33 PM
@Felix Albani is their a relation between the WebHcat server and Hive Server or Know server ? I still don't understand how these components are related to each other ? Thank you.
... View more
06-08-2018
03:41 PM
@Hernán Fernández same thing. Here is the command I typed: curl -ivk --negotiate 'https://my_knox_hostname:9443/gateway/default/hive/?op=LISTSTATUS'
... View more