Member since 
    
	
		
		
		06-21-2016
	
	
	
	
	
	
	
	
	
	
	
	
	
	
			
      
                25
            
            
                Posts
            
        
                0
            
            
                Kudos Received
            
        
                1
            
            
                Solution
            
        My Accepted Solutions
| Title | Views | Posted | 
|---|---|---|
| 21570 | 03-27-2019 08:07 AM | 
			
    
	
		
		
		03-27-2019
	
		
		08:07 AM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 Hi community,      I've fixed the issue by adding bellow Kerberos host principal to file /etc/krb5.keytab:  host/fqdn_hostname@REALM.      The one that was previously set did not my match my environment configuration: host/UNKNOWN_DOMAIN@UNKNOWN_REALM 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		03-12-2019
	
		
		04:01 PM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 Hi guys,  I found an environment where ksu works. My issue seems to be related to some sssd configuration but still did not ended to solve this issue.  Does it remind you of something regarding sssd configuration ?  Thank you. 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		02-21-2019
	
		
		08:27 AM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 Thanks for your reply but still getting the issue with your settings. 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		02-20-2019
	
		
		05:16 PM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 Can you please be more precise on how to change that file ? 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		02-20-2019
	
		
		05:16 PM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 Here is my krb5.conf - for security purposes, I do not provide my environment real values but be sure that it matches EXAMPLE.COM and UNKNOWN_DOMAIN.      includedir /etc/krb5.conf.d/  includedir /var/lib/sss/pubconf/krb5.include.d/      [libdefaults]    default_realm = EXAMPLE.COM    dns_lookup_realm = true    dns_lookup_kdc = true    rdns = false    ticket_lifetime = 24h    renew_lifetime = 7d    forwardable = true    udp_preference_limit = 0    default_ccache_name = /tmp/krb5cc_%{uid}      [logging]    default = FILE:/var/log/krb5kdc.log    admin_server = FILE:/var/log/kadmind.log    kdc = FILE:/var/log/krb5kdc.log      [realms]    UNKNOWN_DOMAIN = {      pkinit_anchors = FILE:/etc/ipa/ca.crt        }    EXAMPLE.COM = {      admin_server = myadmin.server.com      kdc = myadmin.server.com    }      [domain_realm]    .unknown_domain = UNKNOWN_DOMAIN    unknown_domain = UNKNOWN_DOMAIN     
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		02-20-2019
	
		
		05:16 PM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 Hi community,  I am studying ksu for some use cases and found this link:  https://web.mit.edu/kerberos/krb5-1.5/krb5-1.5.4/doc/krb5-user/ksu.html      I have a user1 with KDC entry and keytab. Just before running ksu, I kinit user1 to get Kerberos ticket:  [user1@server1 ~]$ klist  Ticket cache: FILE:/tmp/krb5cc_1003293697  Default principal: user1@EXAMPLE.COM  Valid starting Expires Service principal  02/18/2019 09:13:12 02/19/2019 09:13:12 krbtgt/EXAMPLE.COM@EXAMPLE.COM      Then, I want user1 to ksu user2. For this to work, I have created a .k5login file on user2 home directory with user1@EXAMPLE.COM on its content.  Than, I launch ksu with user1 but found this issue:  [user1@server1 ~]$ ksu user2  ksu: Server not found in Kerberos database while verifying ticket for server  Authentication failed.      Looking for an error on /var/log/krb5kdc.log, I found that one:  UNKNOWN_SERVER: authtime 0, user1@EXAMPLE.COM for krbtgt/UNKNOWN_DOMAIN@EXAMPLE.COM, Server not found in Kerberos database      As the error states, service principal name krbtgt/UNKNOWN_DOMAIN@EXAMPLE.COM is unknown to KDC database, which is right. The problem is I expected the SPN to be krbtgt/EXAMPLE.COM@EXAMPLE.COM, just like what I can see on my user1 klist.  As I don't really know how to fix this, does someone have an idea on this, please ?  On different website and forums, it talks about FQDN, reverse DNS and some /etc/hosts and /etc/resolv.conf configurations but none solved my issue.      Thank you on advance for your help. 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
		
			
				
						
							Labels:
						
						
		
			
	
					
			
		
	
	
	
	
				
		
	
	
- Labels:
- 
						
							
		
			Apache Hadoop
			
    
	
		
		
		06-15-2018
	
		
		02:33 PM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 @Felix Albani is their a relation between the WebHcat server and Hive Server or Know server ? I still don't understand how these components are related to each other ?  Thank you. 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		
			
    
	
		
		
		06-08-2018
	
		
		03:41 PM
	
	
	
	
	
	
	
	
	
	
	
	
	
	
		
	
				
		
			
					
				
		
	
		
					
							 @Hernán Fernández same thing. Here is the command I typed:  curl -ivk --negotiate 'https://my_knox_hostname:9443/gateway/default/hive/?op=LISTSTATUS' 
						
					
					... View more
				
			
			
			
			
			
			
			
			
			
		 
        






