zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aparajita Singh <aparajita.1...@gmail.com>
Subject Re: Zookeeper client fails during SASL authentication
Date Thu, 11 Jun 2020 07:47:04 GMT
gentle reminder
(unquoting the previous email)

--

Hi,

I am trying to migrate an unauthenticated zookeeper cluster to a kerberos
authenticated one. For the time being SSL is disabled. I have configured
the server and client as described below but when SASL is enabled I am
unable to retreive data using zookeeper shell client from the zookeeper
server. Could I get some help in understanding why this is failing?


*server.log snippet*

















































*2020-06-10 17:09:01,263 - INFO
 [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197
<http://0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197>] - Accepted socket
connection from /127.0.0.1:44994 <http://127.0.0.1:44994>2020-06-10
17:09:01,264 - INFO
 [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@827
<http://0.0.0.0/0.0.0.0:2181:NIOServerCnxn@827>] - Processing mntr command
from /127.0.0.1:44994 <http://127.0.0.1:44994>2020-06-10 17:09:01,265 -
INFO  [Thread-5:NIOServerCnxn@1007] - Closed socket connection for client
/127.0.0.1:44994 <http://127.0.0.1:44994> (no session established for
client)2020-06-10 17:09:26,647 - INFO  [main:Environment@100] - Client
environment:zookeeper.version=3.4.6-169--1, built on 02/10/2016 05:49
GMT2020-06-10 17:09:26,649 - INFO  [main:Environment@100] - Client
environment:host.name <http://host.name>=stage-kdc-zk-ivy2020-06-10
17:09:26,649 - INFO  [main:Environment@100] - Client
environment:java.version=1.8.0_1722020-06-10 17:09:26,651 - INFO
 [main:Environment@100] - Client environment:java.vendor=Oracle
Corporation2020-06-10 17:09:26,651 - INFO  [main:Environment@100] - Client
environment:java.home=/usr/lib/jvm/oracle-java8-jdk-amd64/jre2020-06-10
17:09:26,651 - INFO  [main:Environment@100] - Client
environment:java.class.path=/usr/hdp/2.4.0.0-169/zookeeper/bin/../build/classes:/usr/hdp/2.4.0.0-169/zookeeper/bin/../build/lib/*.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/xercesMinimal-1.9.6.2.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/wagon-provider-api-2.4.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/wagon-http-shared4-2.4.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/wagon-http-shared-1.0-beta-6.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/wagon-http-lightweight-1.0-beta-6.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/wagon-http-2.4.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/wagon-file-1.0-beta-6.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/slf4j-log4j12-1.6.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/slf4j-api-1.6.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/plexus-utils-3.0.8.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/plexus-interpolation-1.11.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/plexus-container-default-1.0-alpha-9-stable-1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/netty-3.7.0.Final.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/nekohtml-1.9.6.2.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/maven-settings-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/maven-repository-metadata-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/maven-project-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/maven-profile-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/maven-plugin-registry-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/maven-model-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/maven-error-diagnostics-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/maven-artifact-manager-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/maven-artifact-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/maven-ant-tasks-2.1.3.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/log4j-1.2.16.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/jsoup-1.7.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/jline-0.9.94.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/httpcore-4.2.3.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/httpclient-4.2.3.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/commons-logging-1.1.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/commons-io-2.2.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/commons-codec-1.6.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/classworlds-1.1-alpha-2.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/backport-util-concurrent-3.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/apache-log4j-extras-1.2.17.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/ant-launcher-1.8.0.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../lib/ant-1.8.0.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../zookeeper-3.4.6.2.4.0.0-169.jar:/usr/hdp/2.4.0.0-169/zookeeper/bin/../src/java/lib/*.jar:/usr/hdp/2.4.0.0-169/zookeeper/conf::/usr/hdp/2.4.0.0-169/zookeeper/conf:/usr/hdp/2.4.0.0-169/zookeeper/zookeeper.jar:/usr/hdp/2.4.0.0-169/zookeeper/zookeeper-3.4.6.2.4.0.0-169.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/slf4j-log4j12-1.6.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/slf4j-api-1.6.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/classworlds-1.1-alpha-2.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/maven-model-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/httpcore-4.2.3.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/plexus-container-default-1.0-alpha-9-stable-1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/ant-launcher-1.8.0.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/plexus-utils-3.0.8.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/jline-0.9.94.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/wagon-http-2.4.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/maven-settings-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/log4j-1.2.16.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/netty-3.7.0.Final.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/commons-codec-1.6.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/commons-io-2.2.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/nekohtml-1.9.6.2.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/backport-util-concurrent-3.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/apache-log4j-extras-1.2.17.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/ant-1.8.0.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/xercesMinimal-1.9.6.2.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/commons-logging-1.1.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/httpclient-4.2.3.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/maven-profile-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/maven-error-diagnostics-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/maven-project-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/jsoup-1.7.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/plexus-interpolation-1.11.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/maven-plugin-registry-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/wagon-http-shared-1.0-beta-6.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/maven-repository-metadata-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/wagon-http-lightweight-1.0-beta-6.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/maven-ant-tasks-2.1.3.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/wagon-http-shared4-2.4.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/wagon-provider-api-2.4.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/maven-artifact-manager-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/maven-artifact-2.2.1.jar:/usr/hdp/2.4.0.0-169/zookeeper/lib/wagon-file-1.0-beta-6.jar:/usr/share/zookeeper/*2020-06-10
17:09:26,651 - INFO  [main:Environment@100] - Client
environment:java.library.path=/usr/java/packages/lib/amd64:/usr/lib64:/lib64:/lib:/usr/lib2020-06-10
17:09:26,651 - INFO  [main:Environment@100] - Client
environment:java.io.tmpdir=/tmp2020-06-10 17:09:26,651 - INFO
 [main:Environment@100] - Client environment:java.compiler=<NA>2020-06-10
17:09:26,651 - INFO  [main:Environment@100] - Client environment:os.name
<http://os.name>=Linux2020-06-10 17:09:26,652 - INFO
 [main:Environment@100] - Client environment:os.arch=amd642020-06-10
17:09:26,652 - INFO  [main:Environment@100] - Client
environment:os.version=4.9.0-9-amd642020-06-10 17:09:26,652 - INFO
 [main:Environment@100] - Client environment:user.name
<http://user.name>=root2020-06-10 17:09:26,652 - INFO
 [main:Environment@100] - Client environment:user.home=/root2020-06-10
17:09:26,652 - INFO  [main:Environment@100] - Client
environment:user.dir=/home/aparajita.singh2020-06-10 17:09:26,653 - INFO
 [main:ZooKeeper@438] - Initiating client connection,
connectString=stage-kdc-zk-ivy sessionTimeout=30000
watcher=org.apache.zookeeper.ZooKeeperMain$MyWatcher@379619aa2020-06-10
17:09:26,752 - INFO  [main-SendThread(stage-kdc-zk-ivy:2181):Login@293] -
successfully logged in.2020-06-10 17:09:26,753 - INFO
 [Thread-0:Login$1@127] - TGT refresh thread started.2020-06-10
17:09:26,757 - INFO
 [main-SendThread(stage-kdc-zk-ivy:2181):ZooKeeperSaslClient$1@285] -
Client will use GSSAPI as SASL mechanism.2020-06-10 17:09:26,758 - INFO
 [Thread-0:Login@301] - TGT valid starting at:        Wed Jun 10 15:17:21
IST 20202020-06-10 17:09:26,758 - INFO  [Thread-0:Login@302] - TGT expires:
                 Thu Jun 11 15:17:21 IST 20202020-06-10 17:09:26,758 - INFO
 [Thread-0:Login$1@181] - TGT refresh sleeping until: Thu Jun 11 11:17:04
IST 20202020-06-10 17:09:26,799 - INFO
 [main-SendThread(stage-kdc-zk-ivy:2181):ClientCnxn$SendThread@1019] -
Opening socket connection to server stage-kdc-zk-ivy/10.33.203.225:2181
<http://10.33.203.225:2181>. Will attempt to SASL-authenticate using Login
Context section 'Client'2020-06-10 17:09:26,854 - INFO
 [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197
<http://0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197>] - Accepted socket
connection from /10.33.203.225:45018 <http://10.33.203.225:45018>2020-06-10
17:09:26,854 - INFO
 [main-SendThread(stage-kdc-zk-ivy:2181):ClientCnxn$SendThread@864] -
Socket connection established to stage-kdc-zk-ivy/10.33.203.225:2181
<http://10.33.203.225:2181>, initiating session2020-06-10 17:09:26,856 -
INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@868
<http://0.0.0.0/0.0.0.0:2181:ZooKeeperServer@868>] - Client attempting to
establish new session at /10.33.203.225:45018
<http://10.33.203.225:45018>2020-06-10 17:09:26,859 - INFO
 [CommitProcessor:88:ZooKeeperServer@617] - Established session
0x58729e0540980002 with negotiated timeout 30000 for client
/10.33.203.225:45018 <http://10.33.203.225:45018>2020-06-10 17:09:26,861 -
INFO  [main-SendThread(stage-kdc-zk-ivy:2181):ClientCnxn$SendThread@1279] -
Session establishment complete on server
stage-kdc-zk-ivy/10.33.203.225:2181 <http://10.33.203.225:2181>, sessionid
= 0x58729e0540980002, negotiated timeout = 300002020-06-10 17:09:27,007 -
WARN  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@969
<http://0.0.0.0/0.0.0.0:2181:ZooKeeperServer@969>] - Client failed to SASL
authenticate: javax.security.sasl.SaslException: GSS initiate failed
[Caused by GSSException: Failure unspecified at GSS-API level (Mechanism
level: Invalid argument (400) - Cannot find key of appropriate type to
decrypt AP REP - AES256 CTS mode with HMAC SHA1-96)]2020-06-10 17:09:27,007
- WARN  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:ZooKeeperServer@975
<http://0.0.0.0/0.0.0.0:2181:ZooKeeperServer@975>] - Closing client
connection due to SASL authentication failure.2020-06-10 17:09:27,007 -
INFO  [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@1007
<http://0.0.0.0/0.0.0.0:2181:NIOServerCnxn@1007>] - Closed socket
connection for client /10.33.203.225:45018 <http://10.33.203.225:45018>
which had sessionid 0x58729e05409800022020-06-10 17:09:27,008 - ERROR
[NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@178
<http://0.0.0.0/0.0.0.0:2181:NIOServerCnxn@178>] - Unexpected Exception:
java.nio.channels.CancelledKeyExceptionat
sun.nio.ch.SelectionKeyImpl.ensureValid(SelectionKeyImpl.java:73)at
sun.nio.ch.SelectionKeyImpl.interestOps(SelectionKeyImpl.java:77)at
org.apache.zookeeper.server.NIOServerCnxn.sendBuffer(NIOServerCnxn.java:151)at
org.apache.zookeeper.server.NIOServerCnxn.sendResponse(NIOServerCnxn.java:1081)at
org.apache.zookeeper.server.ZooKeeperServer.processPacket(ZooKeeperServer.java:936)at
org.apache.zookeeper.server.NIOServerCnxn.readRequest(NIOServerCnxn.java:373)at
org.apache.zookeeper.server.NIOServerCnxn.readPayload(NIOServerCnxn.java:200)at
org.apache.zookeeper.server.NIOServerCnxn.doIO(NIOServerCnxn.java:244)at
org.apache.zookeeper.server.NIOServerCnxnFactory.run(NIOServerCnxnFactory.java:208)at
java.lang.Thread.run(Thread.java:748)2020-06-10 17:09:27,008 - INFO
 [main-SendThread(stage-kdc-zk-ivy:2181):ClientCnxn$SendThread@1142] -
Unable to read additional data from server sessionid 0x58729e0540980002,
likely server has closed socket, closing socket connection and attempting
reconnect2020-06-10 17:09:27,008 - WARN
 [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@346
<http://0.0.0.0/0.0.0.0:2181:NIOServerCnxn@346>] - Exception causing close
of session 0x58729e0540980002 due to
java.nio.channels.CancelledKeyException2020-06-10 17:10:01,317 - INFO
 [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197
<http://0.0.0.0/0.0.0.0:2181:NIOServerCnxnFactory@197>] - Accepted socket
connection from /127.0.0.1:45004 <http://127.0.0.1:45004>2020-06-10
17:10:01,318 - INFO
 [NIOServerCxn.Factory:0.0.0.0/0.0.0.0:2181:NIOServerCnxn@827
<http://0.0.0.0/0.0.0.0:2181:NIOServerCnxn@827>] - Processing mntr command
from /127.0.0.1:45004 <http://127.0.0.1:45004>*
























































*zookeeper shell client outputaparajita.singh@stage-kdc-zk-ivy:~$ sudo
/usr/hdp/2.4.0.0-169/zookeeper/bin/zookeeper-client -server
stage-kdc-zk-ivy get /test2log4j:WARN Large window sizes are not
allowed.log4j:WARN MaxIndex reduced to 13.Connecting to
stage-kdc-zk-ivyDebug is  true storeKey false useTicketCache true useKeyTab
true doNotPrompt true ticketCache is /tmp/krb5cc_0 isInitiator true KeyTab
is /etc/krb5.keytab refreshKrb5Config is false principal is
zookeeper/stage-kdc-zk-ivy@stage.fdp.kafka tryFirstPass is false
useFirstPass is false storePass is false clearPass is falseAcquire TGT from
CachePrincipal is zookeeper/stage-kdc-zk-ivy@stage.fdp.kafkanull
credentials from Ticket Cacheprincipal is
zookeeper/stage-kdc-zk-ivy@stage.fdp.kafkaWill use keytabCommit Succeeded
WATCHER::WatchedEvent state:SyncConnected type:None
path:nullWATCHER::WatchedEvent state:Disconnected type:None
path:nullException in thread "main"
org.apache.zookeeper.KeeperException$ConnectionLossException:
KeeperErrorCode = ConnectionLoss for /test2at
org.apache.zookeeper.KeeperException.create(KeeperException.java:99)at
org.apache.zookeeper.KeeperException.create(KeeperException.java:51)at
org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1155)at
org.apache.zookeeper.ZooKeeper.getData(ZooKeeper.java:1184)at
org.apache.zookeeper.ZooKeeperMain.processZKCmd(ZooKeeperMain.java:717)at
org.apache.zookeeper.ZooKeeperMain.processCmd(ZooKeeperMain.java:591)at
org.apache.zookeeper.ZooKeeperMain.run(ZooKeeperMain.java:354)at
org.apache.zookeeper.ZooKeeperMain.main(ZooKeeperMain.java:282)zoo.cfg#setACL=Falseautopurge.snapRetainCount=30tickTime=2000dataDir=/grid/1/var/lib/zookeeperzookeeper_jmx_port=9009initLimit=100syncLimit=5autopurge.purgeInterval=24clientPort=2181globalOutstandingLimit=5000maxClientCnxns=2000server.99=stage-kdc-zk-harley:2888:3888server.88=stage-kdc-zk-ivy:2888:3888server.77=stage-kdc-zk-2face:2888:3888authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProviderrequireClientAuthScheme=saslquorum.auth.enableSasl=truequorum.auth.learnerRequireSasl=truequorum.auth.serverRequireSasl=truequorum.auth.kerberos.servicePrincipal=host/stage-kdc-zk-ivy@stage.fdp.kafkaquorum.cnxn.threads.size=20*































































*java.envSERVER_JVMFLAGS="${SERVER_JVMFLAGS}
-Djava.security.auth.login.config=/home/aparajita.singh/jaas/jaas.conf
-Dzookeeper.authProvider.sasl=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
-Dsun.security.krb5.debug=true"CLIENT_JVMFLAGS="${CLIENT_JVMFLAGS}
-Djava.security.auth.login.config=/home/aparajita.singh/jaas/client.conf
-Dzookeeper.authProvider.sasl=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
-Dsun.security.krb5.debug=true"/home/aparajita.singh/jaas/jaas.conf//
Zookeeper server authenticationServer {
com.sun.security.auth.module.Krb5LoginModule required    useKeyTab=true
useTicketCache=false    //ticketCache="/tmp/krb5cc_0"    renewTicket=true
  doNotPrompt=true    debug=true    keyTab="/etc/krb5.keytab"
serviceName="host"    principal="host/stage-kdc-zk-ivy@stage.fdp.kafka";
}; // Zookeeper quorum server authenticationQuorumServer {
com.sun.security.auth.module.Krb5LoginModule required    useKeyTab=true
useTicketCache=false    //ticketCache="/tmp/krb5cc_0"    renewTicket=true
  doNotPrompt=true    debug=true    keyTab="/etc/krb5.keytab"
serviceName="host"    principal="host/stage-kdc-zk-ivy@stage.fdp.kafka";
}; // Zookeeper learner authenticationQuorumLearner {
com.sun.security.auth.module.Krb5LoginModule required    useKeyTab=true
useTicketCache=false    //ticketCache="/tmp/krb5cc_0"    renewTicket=true
  doNotPrompt=true    debug=true    keyTab="/etc/krb5.keytab"
serviceName="host"    principal="host/stage-kdc-zk-ivy@stage.fdp.kafka";
}; /home/aparajita.singh/jaas/client.conf// Zookeeper client
authenticationClient {    com.sun.security.auth.module.Krb5LoginModule
required    useKeyTab=true    useTicketCache=true
ticketCache="/tmp/krb5cc_0"    renewTicket=true    doNotPrompt=true
debug=true    keyTab="/etc/krb5.keytab"    serviceName="zookeeper"
principal="zookeeper/stage-kdc-zk-ivy@stage.fdp.kafka";    }; *
Using kinit command I am able to generate the TGT for both principals. As
per the zookeeper server log, the TGT can be generated as expected. The
keytab file is accessible to all system users for now. The below commands
don't give any output and the lack of error indicates that the ticket was
generated successfully. klist command also shows the latest ticket
generated as expected.

*aparajita.singh@stage-kdc-zk-ivy:~$ sudo /krb5/bin/kinit
zookeeper/stage-kdc-zk-ivy@stage.fdp.kafka -k -t /etc/krb5.keytab
aparajita.singh@stage-kdc-zk-ivy:~$ sudo /krb5/bin/kinit
host/stage-kdc-zk-ivy@stage.fdp.kafka -k -t /etc/krb5.keytab *


Thanks,
Aparajita

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message