I have set up a python docker image and included a krb5.conf file, keytab file, and python libraries. I am running a python script that authenticates to a kerborized hadoop cluster. I am running into the error: Stderr: kinit: Client '[email protected]' not found in Kerberos database while getting initial credentials.
I dont know why it is failing on the client root
when I set up svc_account
. Do I need to add something to this krb5.conf file or something like this?
The following is my python code:
import ssl
from impala.dbapi import connect
import os
os.system("kinit")
conn = connect(host='impala/[email protected]', port=21050, use_ssl=True, user='[email protected]', auth_mechanism = 'GSSAPI')
cur = conn.cursor()
cur.execute('SHOW DATABASES;')
result=cur.fetchall()
for data in result:
print (data)
I have set up the krb5.keytab
file:
addent -password -p [email protected] -k 1 -e rc4-hmac
addent -password -p [email protected] -k 1 -e aes256-cts
addent -password -p [email protected] -k 1 -e aes128-cts
wkt /etc/krb5.keytab
The following is my krb5.conf
file:
[libdefaults]
default_realm = MY.DOMAIN.LOCAL
dns_lookup_kdc = false
dns_lookup_realm = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts aes128-cts rc4-hmac
default_tkt_enctypes = aes256-cts aes128-cts rc4-hmac
permitted_enctypes = aes256-cts aes128-cts rc4-hmac
udp_preference_limit = 1
kdc_timeout = 3000
[realms]
MY.DOMAIN.LOCAL = {
kdc = server1primary.my.domain.local
admin_server = server1primary.my.domain.local
default_domain = MY.DOMAIN.LOCAL
}
[domain_realm]
MY.DOMAIN.LOCAL = MY.DOMAIN.LOCAL
The following fixed my issue:
os.system("kinit -kt /etc/krb5.keytab [email protected]")