hi @araujo    the ad has two users:   livy livy-http   the user livy has the SPN:   livy/hostname@DOMAIN.LOCAL   and it is working without problem in kinit   the user livy-http has the SPN:   HTTP/hostname@DOMAIN.LOCAL   but it is showing the error described above   ... View more

hi @araujo    to use in the livy service, as requested in the processes in the links below:   https://danielfrg.com/blog/2018/08/spark-livy/ https://enterprise-docs.anaconda.com/en/latest/admin/advanced/config-livy-server.html ... View more

hi @JQUIROS    the command to create the entry was:   add_entry -password -p HTTP/hostname@DOMAIN.LOCAL -k 1 -e rc4-hmac   then export the keytab with the command:   wkt http.keytab   and then to validate the tiker the command:   KRB5_TRACE=/dev/stdout kinit -kt http.keytab HTTP/hostname@DOMAIN.LOCAL   presented the error:   Getting initial credentials for HTTP/hostname@DOMAIN.LOCALLooked up etypes in keytab: rc4-hmac Sending unauthenticated request Sending request (237 bytes) to DOMAIN.LOCAL Sending initial UDP request to dgram 172.22.22.22:88 Received answer (229 bytes) from dgram 172.22.22.22:88 Response was from master KDC Received error from KDC: -1765328359/Additional pre-authentication required Preauthenticating using KDC method data Processing preauth types: PA-PK-AS-REQ (16), PA-PK-AS-REP_OLD (15), PA-ETYPE-INFO2 (19), PA-ENC-TIMESTAMP (2) Selected etype info: etype rc4-hmac, salt "", params "" Retrieving HTTP/hostname@DOMAIN.LOCAL from FILE:http.keytab (vno 0, enctype rc4-hmac) with result: 0/Success AS key obtained for encrypted timestamp: rc4-hmac/20C1 Encrypted timestamp (for 1661441475.76781): plain 301AA011199992303232BED, encrypted 3625254347B405C2739999992C5C50F451C0A477AE3AD421DF Preauth module encrypted_timestamp (2) (real) returned: 0/Success Produced preauth for next request: PA-ENC-TIMESTAMP (2) Sending request (313 bytes) to DOMAIN.LOCAL Sending initial UDP request to dgram 172.22.22.22:88 Received answer (196 bytes) from dgram 172.22.22.22:88 Response was from master KDC Received error from KDC: -1765328360/Preauthentication failed Preauthenticating using KDC method data Processing preauth types: PA-ETYPE-INFO2 (19) Selected etype info: etype rc4-hmac, salt "", params "" kinit: Preauthentication failed while getting initial credentials ... View more

hi @JQUIROS    we were able to export the keytab with the command:   write_kt http.keytab   but when validating the ticket with the command:   kinit -kt http.keytab HTTP/hostnamae@DOMAIN.LOCAL   got the same error:   kinit: Preauthentication failed while getting initial credentials ... View more

hi @JQUIROS    using the ktutil command it was possible to create the principal:   HTTP/hostname@DOMAIN.LOCAL   how to export keytab now?   ... View more

hi @JQUIROS    we need to create the HTTP SPN keytab to use in the Livy service, as described in the link below:   https://enterprise-docs.anaconda.com/en/latest/admin/advanced/config-livy-server.html    in the link above, kadmin was used, but we don't have kadmin but AD. ... View more

hi @JQUIROS    if create another keytab with the SPN below:   "livy-http/hostname@DOMAIN.LOCAL"   works, no problems.   the problem is when using HTTP ... View more

hi@JQUIROS ,   should "kutil" command be run on cluster host or AD host? ... View more