Hello, we are using Amabri Blueprints for the node installations, it works fine with Kerberos if we use the regular folder '/etc/' for krb5.conf. Unfortunately we already use the '/etc/' folder for another services krb5.conf file for other services than Hadoop (with different settings) and these services do manage and update their krb5.conf so we can’t just add our realm configurations. We tried to use the Enable Kerberos Wizard with changing the “krb5-conf directory path” under “Advanced krb5-conf” in the second step of the wizard to e.g. /etc/hadoop, which does work. It will lead to the failure of the Kerberos Client tests in the next step of the wizard: kinit: Cannot find KDC for requested realm while getting initial credentials So it seems that Ambari is not distributing the changed krb5 path to the clients. Adding “export KRB5_CONFIG=/etc/hadoop/krb5.conf” to ambari-env.sh for the server and agents in the respective /var/lib/ambari-[server/agent] directories as well as -Djava.security.krb5.conf to the right path in the server ambari-env.sh also does not help. Neither does adding “export KRB5_CONFIG=/etc/hadoop/krb5.conf” to the Hadoop-env-template (in the HDFS config options) or -Djava.security.krb5.conf=/etc/hadoop/krb5.conf to HADOOP_OPTS in the same file. We also tried to use the API as described in the ambari wiki at https://cwiki.apache.org/confluence/display/AMBARI/Automated+Kerberizaton – with no success either. Here the Hadoop services fail to start after enabling Kerberos security with “kinit: Cannot find KDC for requested realm while getting initial credentials” as well. Last, I should also add, that the Kerberos tools are working fine if used on the command line with KRB5_CONFIG set to /etc/hadoop/krb5.conf. So this doesn’t seem to be a Kerberos problem. Can you suggest anything to solve this problem? Thanks in advance 🙂 ... View more