To troubleshoot Kerberos security issues, enable the debugger by changing the following setting in the
Under the Hue installation directory, check
logs/runcpserver.log for errors. Some sample error messages are shown below.
Could not start SASL
kinitcommand to generate a new ticket with a long running lifetime, then restart the Hue webserver.
If you see this message, it means that the ticket generated by the
kinit command from
maprlogin kerberos was not copied to
This can happen when you generate a new ticket after the original ticket expires and forget to copy it into the ticket cache. Run the following command to copy the ticket into the ticket cache:
Password incorrect while getting initial credentials
This message (
Password incorrect while getting initial credentials) appears when you create a keytab file, but try to authenticate with a password. The act of creating a keytab causes a new random key to be placed in the Kerberos database and into the keytab file (
/opt/mapr/conf/mapr.keytab). That key does not have a password associated with it, so you can only authenticate using the keytab.
If you want to authenticate with a password, run the
cpw command in
kadmin instead of the
TaskTracker daemon does not start
If the TaskTracker log contains an error message similar to this, check that the
/opt/mapr/conf/mapr.keytab file contains the correct Kerberos principal name, as specified in
To check the principal name, list the contents of the keytab file by running the following commands: