Skip to Main Content

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

Hadoop authentication using kerberos

1941478Oct 12 2016 — edited Oct 13 2016

I'm very new at kerberos, so the question may not be expressed in the best way...

I have a Solaris 10 system that connects with a Hadoop cluster.

The Solaris system is a non-global zone on a global system that is hosting a number of other zones,  so backing out the patch would be difficult because I would need to get down time on all of the zones running there.

Authentication for Hadoop was set up using Kerberos. 

When we applied the latest Solaris 10 patch bundle (Sept 2016),  our authentication using a keytab file quit working.

Authentication for a user still seems to work.

The only patch I see that mentions Kerberos is:  147793.   This patch bundle went from the -17 to the -20.

When doing a kinit -k -t xform.keytab   I get the following...

kinit(v5): Key table entry not found while getting initial credentials

Results from a klist -ket xform.keytab

klist -ket xform.keytab

Keytab name: FILE: /xform.keytab

KVNO Timestamp              Principal

---- ---------------- ----------------------------------------------------------

   0 27/09/2016 11:43 xform@CORP.COMPANY.COM (AES-128 CTS mode with 96-bit SHA-1 HMAC)

   0 27/09/2016 11:43 xform@CORP.COMPANY.COM (ArcFour with HMAC/md5)

The krb5.conf file is fairly large, so I did not post it here.

The kinit worked before we applied the Sept 2016 Recommended patch bundle.  It is an assumption on my part that the 147793 patch is the one that impacted this.

Does anyone have any hints as to how to go about troubleshooting this, or what needs to be done to fix it?

This is in our development environment, and I need to get this resolved before we patch production next week.

Comments

Processing
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Nov 10 2016
Added on Oct 12 2016
3 comments
653 views