We need to reach out the AD support, the response is coming from the AD  Response was from master KDC Received error from KDC: -1765328360/Preauthentication failed Preauthenticating using KDC method data Processing preauth types: PA-ETYPE-INFO2 (19) Selected etype info: etype rc4-hmac, salt "", params "" kinit: Preauthentication failed while getting initial credentials [0] Reference: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-kile/ae60c948-fda8-45c2-b1d1-a71b484dd1f7 ... View more

Hi @yagoaparecidoti, The error is coming directly from the Active Directory KDC, please limit the keytab to RC4 HMAC as commented earlier. Scroll up on the first post. Then, try to kinit by using the trace to understand the issue better: KRB5_TRACE=/dev/stdout kinit -kt http.keytab HTTP/hostnamae@DOMAIN.LOCAL ... View more

ktpass might be purely AD, might be worth it to open an AD case if that is the only option. Otherwise, Could you please try to create the keytab with the following ktutil commands: add_entry -password -p HTTP@FQDN_DOMAIN.LO -k 1 -e arcfour-hmac-md5 ... View more

In regards to your first question, it is on the cluster host. For your second, We only create the keytab against the service SPN ("livy-http/hostname@DOMAIN.LOCAL"), what is the business purpose to create the keytab with HTTP principals? The service is authenticating against Service Principals, not HTTP. ... View more

Hi sir, This command is probably better to be evaluated in an AD forum, It is a power shell command in the AD server. Based on the stack trace you are getting, the pre-authentication is failing. Normally, this may happen because the account is enabled with pre-auth or you are using a cipher that requires pre-auth [0] We can try to create by using only legacy ciphers: ########################################## # How to Create a keytab from client application ########################################## # Step 1: Type ktutil to enter prompt: ktutil # Step 2: At the ktutil prompt, add the authentication command below: ktutil:  add_entry -password -p livy-http@DOMAIN.LOCAL-k 1 -e arcfour-hmac-md5 # Step 3: Type password Password for livy-http@DOMAIN.LOCAL: # Step 4: Create Keytab file at ktutil prompt: # ktutil:  <command below to create keytab file> wkt livy-http.keytab # Step 5: Type quit to exit quit # Step 6: Verify Keytab Works Using kinit: /usr/bin/kinit -V -kt livy-http.keytab livy-http@DOMAIN.LOCAL [0] refer to the box checks "Do not required Kerberos Preauthentication":  https://docs.informatica.com/data-integration/powercenter/10-2/security-guide/kerberos-authentication/preparing-to-enable-kerberos-authentication/step-3--create-kerberos-principal-accounts-in-active-directory.html ... View more