Member since
09-19-2018
2
Posts
0
Kudos Received
0
Solutions
09-20-2018
01:14 PM
Thanks for the reply. I'm not an Hadoop Admin, so hopefully my responses are at the level you expect. I've checked the krd5.conf file and there are no entries with the enctype properties you mentioned. I can't post since there is some server specific information in the file. I created the keytab file using "ktutil" and within my add_entry command i only stated the following encryption "aes256-cts", however this seemed to create the following; aes256-cts-hmac-sha1-96 When i tried with the following supported encryption types (source: https://web.mit.edu/kerberos/krb5-devel/doc/admin/enctypes.html) i) aes256-cts-hmac-sha384-192 ii) aes128-cts-hmac-sha256-128 I was then not able to create a ticket with KINIT. I noticed when using the above on NIFI it gave me a different error basically stating it could not login with these credentials. Which is expected i guess since i could not login using KINIT In terms of your final question: is the unlimited JCE policy installed - i do not know, how can I check? We do not have a dedicated Admin so i am currently playing dual roles at the moment.
... View more
09-19-2018
05:49 PM
Hi, I have the following setup: HDP 2.6.5 Kerberos 5 version 1.15.1 NIFI - 1.7.1 I am trying to create a simple NIFI process to read files from my filesystem (using GetFile) & then copy these to HDFS (using PutHDFS). Getfile works fine & i can see all files on the queue. The issue i am experiencing is with the PutHDFS processor. It fails with the following error: PutHDFS[id=e72a065a-0165-1000-cdd3-ecf4ad00849f] HDFS Configuration error - Login failure for user: xxxx@xxxx.COM from keytab /home/xxxx@xxxx.com/xxxx.keytab javax.security.auth.login.LoginException: KDC has no support for encryption type (14): org.apache.hadoop.security.KerberosAuthException: Login failure for user: xxxx@xxxxx from keytab /home/xxxxx@xxxx.com/xxxxx.keytab javax.security.auth.login.LoginException: KDC has no support for encryption type (14) Processor PutHDFS i have populated the following properties: Hadoop Configuration Resources : /etc/hadoop/conf/core-site.xml,/etc/hadoop/conf/hdfs-site.xml,/etc/hadoop/conf/yarn-site.xml,/etc/hadoop/conf/mapred-site.xml Kerberos Principal: xxxx.xxxx.com Kerberos Keytab: /home/xxxx@xxxx.com/xxxxx.keytab I have successfully tested the keytab file by performing a kinit & can create a ticket. Also i have updated the nifi.properties file: nifi.kerberos.krb5.file=/etc/krb5.conf The encryption method chosen for my keytab file is: (aes256-cts-hmac-sha1-96) Any help would be appreciated.
... View more
Labels:
- Labels:
-
Apache Hadoop
-
Apache NiFi