Posted to user@impala.apache.org by Anushka Hewawitharana <he...@gmail.com> on 2021/08/26 14:34:35 UTC
Impala authentication with Kerberos error where Active Directory works as KDC (AWS Deployment)
Hi Team,
We have an impala cluster which uses Kudu as a storage layer.
Our setup is deployed on AWS EC2 instances.
We *replaced* MIT Kerberos with an Active Directory managed KDC (here we used *AWS
managed AD*).
We got the below error after the change we mentioned above.
(SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor
code may provide more information (*Server not found in Kerberos database*))
We have created principals like below:
impala/*hostname*@DOMAIN
hostname=> OS level FQDN
We sorted the above issue after *replacing* "OS level FQDN" with the *AWS managed
instance name* as below:
impala/*awsinstancename*@DOMAIN
Any alternatives to overcome this?
Because we have a requirement to avoid re-creation of principals if a new
EC2 instance is added with the same hostname.
ex:-
Let's say we create another cluster on a separate VPC with the same hostname;
we can reuse principals if they bind with the *OS level FQDN* (impala/*hostname*@DOMAIN).
But if principals bind with the *AWS managed instance name*, we have to recreate
the principals.
Kindly advise
Regards
Anushke