1
votes

I set up Kerberos authentication for a Hadoop cluster. When I try to get a Kerberos ticket using kinit, it stores the ticket in krb5cc_0:

$ sudo klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: hduser/[email protected]

Valid starting       Expires              Service principal 
01/04/2018 10:15:14  01/05/2018 10:15:14  krbtgt/[email protected]

But when I tried to list HDFS directory on command line I got the following error:

$ hdfs dfs -ls /
openjdk version "1.8.0_151"
OpenJDK Runtime Environment (build 1.8.0_151-b12)
OpenJDK 64-Bit Server VM (build 25.151-b12, mixed mode)

Java config name: null
Native config name: /etc/krb5.conf
Loaded from native config
>>>KinitOptions cache name is /tmp/krb5cc_1001
18/01/04 10:07:48 WARN ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]
18/01/04 10:07:48 WARN ipc.Client: Exception encountered while connecting to the server : javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]

My /etc/krb5.conf:

[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
default_realm = FDATA.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_ccache_name = FILE:/tmp/krb5cc_0

[realms]
FDATA.COM = {
kdc = kdc.fdata.com
admin_server = kdc.fdata.com
}

[domain_realm]
.fdata.com = FDATA.COM
fdata.com = FDATA.COM

  • OS: CentOS 7
  • Kerberos: MIT Kerberos 1.5.1
  • Hadoop: Apache Hadoop 2.7.3

Why are hdfs and kinit using different Kerberos ccache files?

1 Answer

3
votes

Because you called kinit with sudo, not as yourself. Your klist output shows the Kerberos ticket for root.
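
A way to check the mismatch described in this thread before running hdfs, as an added example that is not part of the original question or answer: it compares the cache file kinit would write for a given uid with the file the Java client opens (the `KinitOptions cache name is /tmp/krb5cc_1001` line in the log above). The helper names and the sample krb5.conf are constructed for illustration, and the fallback to `FILE:/tmp/krb5cc_<uid>` when nothing is configured is an assumption about the MIT build.

```shell
#!/bin/sh
# Added example; function names are hypothetical helpers, not Kerberos or Hadoop tools.

# Write a constructed krb5.conf whose default_ccache_name is $1; print its path.
sample_conf() {
  f=$(mktemp)
  cat > "$f" <<EOF
[logging]
default = FILE:/var/log/krb5libs.log

[libdefaults]
default_realm = FDATA.COM
default_ccache_name = $1
EOF
  printf '%s\n' "$f"
}

# Print the default_ccache_name set in [libdefaults] of krb5.conf $1, if any.
conf_ccache() {
  awk '
    /^[ \t]*\[/ { lib = ($0 ~ /\[libdefaults\]/); next }
    lib && /^[ \t]*default_ccache_name[ \t]*=/ {
      sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; exit
    }' "$1"
}

# check_ccache <krb5.conf> <uid> [KRB5CCNAME value]
check_ccache() {
  uid=$2; env_cc=${3:-}
  # kinit: KRB5CCNAME, else krb5.conf, else (assumed) FILE:/tmp/krb5cc_<uid>.
  native=${env_cc:-$(conf_ccache "$1")}
  [ -n "$native" ] || native="FILE:/tmp/krb5cc_$uid"
  native=$(printf '%s' "$native" | sed "s/%{uid}/$uid/g")
  # Java: KRB5CCNAME, else /tmp/krb5cc_<uid>; default_ccache_name is not consulted.
  java=${env_cc:-/tmp/krb5cc_$uid}
  native=${native#FILE:}; java=${java#FILE:}
  if [ "$native" = "$java" ]; then
    printf 'MATCH %s\n' "$native"
  else
    printf 'MISMATCH kinit=%s java=%s\n' "$native" "$java"
  fi
}

conf=$(sample_conf 'FILE:/tmp/krb5cc_0')
check_ccache "$conf" 1001                          # ordinary user running hdfs
check_ccache "$conf" 0                             # root, e.g. under sudo
check_ccache "$conf" 1001 'FILE:/tmp/krb5cc_1001'  # KRB5CCNAME set for both tools
rm -f "$conf"
```

With the krb5.conf from the question, only uid 0 gets a match, which is why `sudo klist` shows a ticket while hdfs run as uid 1001 finds none.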