Cloudera Community
danielLP
user rank
Contributor

Re: Kerberos Generate Credentials fails

by Contributor in Support Questions
‎05-25-2015 03:58 AM
1 Kudo
‎05-25-2015 03:58 AM
1 Kudo
Hi, The problem was indeed the kadm5.acl file where I had a typo in the realm name. Thank you! ... View more

Re: Kerberos Generate Credentials fails

by Contributor in Support Questions
‎05-23-2015 02:06 AM
‎05-23-2015 02:06 AM
Anyone ?😐 ... View more

Kerberos Generate Credentials fails

by Contributor in Support Questions
‎05-20-2015 04:03 AM
‎05-20-2015 04:03 AM
Hi, I'm trying to configure kerberos on a single user installation. I've created the cloudera-scm/admin@MYREALM.COM and was able to kinit it manually but I keep falling at the Generate Credentials phase:   /usr/share/cmf/bin/gen_credentials.sh failed with exit code 1 and output of << + export PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/sbin:/usr/sbin:/bin:/usr/bin + PATH=/usr/kerberos/bin:/usr/kerberos/sbin:/usr/lib/mit/sbin:/usr/sbin:/sbin:/usr/sbin:/bin:/usr/bin + CMF_REALM=MYREALM.COM + KEYTAB_OUT=/var/run/cloudera-scm-server/cmf470480807619850998.keytab + PRINC=yarn/datanode003.domain.com@MYREALM.COM + MAX_RENEW_LIFE=604800 + KADMIN='kadmin -k -t /var/run/cloudera-scm-server/cmf7525098316801008285.keytab -p cloudera-scm/admin@MYREALM.COM -r MYREALM.COM' + RENEW_ARG= + '[' 604800 -gt 0 ']' + RENEW_ARG='-maxrenewlife "604800 sec"' + '[' -z /var/run/cloudera-scm-server/krb58981110957643724339.conf ']' + echo 'Using custom config path '\''/var/run/cloudera-scm-server/krb58981110957643724339.conf'\'', contents below:' + cat /var/run/cloudera-scm-server/krb58981110957643724339.conf + kadmin -k -t /var/run/cloudera-scm-server/cmf7525098316801008285.keytab -p cloudera-scm/admin@MYREALM.COM -r MYREALM.COM -q 'addprinc -maxrenewlife "604800 sec" -randkey yarn/datanode003.domain.com@MYREALM.COM' WARNING: no policy specified for yarn/datanode003.domain.com@MYREALM.COM; defaulting to no policy add_principal: Operation requires ``add'' privilege while creating "yarn/datanode003.domain.com@MYREALM.COM". + '[' 604800 -gt 0 ']' ++ kadmin -k -t /var/run/cloudera-scm-server/cmf7525098316801008285.keytab -p cloudera-scm/admin@MYREALM.COM -r MYREALM.COM -q 'getprinc -terse yarn/datanode003.domain.com@MYREALM.COM' ++ tail -1 ++ cut -f 12 get_principal: Operation requires ``get'' privilege while retrieving "yarn/datanode003.domain.com@MYREALM.COM". + RENEW_LIFETIME='Authenticating as principal cloudera-scm/admin@MYREALM.COM with keytab /var/run/cloudera-scm-server/cmf7525098316801008285.keytab.' + '[' Authenticating as principal cloudera-scm/admin@MYREALM.COM with keytab /var/run/cloudera-scm-server/cmf7525098316801008285.keytab. -eq 0 ']' /usr/share/cmf/bin/gen_credentials.sh: line 35: [: too many arguments + kadmin -k -t /var/run/cloudera-scm-server/cmf7525098316801008285.keytab -p cloudera-scm/admin@MYREALM.COM -r MYREALM.COM -q 'xst -k /var/run/cloudera-scm-server/cmf470480807619850998.keytab yarn/datanode003.domain.com@MYREALM.COM' kadmin: Operation requires ``change-password'' privilege while changing yarn/avpr-dhc003.lpdomain.com@MYREALM.COM's key + chmod 600 /var/run/cloudera-scm-server/cmf470480807619850998.keytab chmod: cannot access `/var/run/cloudera-scm-server/cmf470480807619850998.keytab': No such file or directory >>   Thanks, Daniel     ... View more
Labels:
Contact Me
Online
Offline
Last Visited
‎10-07-2015 09:57 AM
Community Statistics
Member Since ‎05-13-2015 04:31 AM
Last Visited ‎10-07-2015 09:57 AM
Posts 15
Kudos received 3