About mkataria

StefanDunkler · ‎05-17-2017

Thanks Mayank. Just wanted to add one thing to clarify for others who might have this problem, because I was wasting some time on this myself: To solve the SSLContext must not be null error, you correctly stated "distribute keystore and truststore file to all machines". I happened to only distribute them to all HBase Master nodes, but it's important to also deploy the same keystores to all region server machines.

mkataria · ‎01-22-2016

Hi Everyone, I came across a Kerberos cache issue and wanted to share and possible have more ideas. I understand few of us had some issues in the past and hope this article might help. One of our clients have RedHat IDM (supported version of freeIpa) and when you install sssd along with krb5 by IDM the default cache setting is 'KEYRING' than 'File' You will still be able to get the tickets but will have GSSException error on Cluster. KEYRING persistent cache setting works with many applications however not with HADOOP Cluster, I'm sure HDO engineering team must be looking into this for a solution, since KEYRING is the future for kerberos cache and the stuff you can do with it like keylist and etc. To solve the errors you can comment out the "default_ccache_name=KEYRING....." on krb.conf or change it to "default_ccache_name = FILE:/tmp/krb5cc_%{uid}" Logout and log in again - destroy the previous tickets and you should have something like "Ticket cache: FILE:/tmp/krb5cc_" in your klist output. If you still see KEYRING PERSISTENT, kill all the running sessions of the user having the problem and restart SSSD service. Thanks Mayank

Online	Offline
Last Visited	‎09-26-2017 04:08 AM

Member Since	‎10-01-2015 02:34 PM
Last Visited	‎09-26-2017 04:08 AM
Posts	52
Kudos received	25

Cloudera Community

Re: Ranger HBase Plugin with SSL- AccessDeniedExce...

Kerberos Ticket Error - Cache in IPA /RedHat IDM (...