
Thanks everyone for responding! I could solve the problem. The problem was the headless keytab file. The steps that I did to solve my problem:

  • Created two principals on my Kerberos host in this scheme:

    1) Headless principal (sdc@MYCOMPANY.REALM)

    2) Service principal (sdc/HOSTNAME.FQDN@MYCOMPANY.REALM)

  • Created keytab file just for the service principal and changed permission to sdc user with chown
  • Deployed keytab to StreamSets Host under /etc/security/keytabs/
  • Stopped sdc with systemctl and configured the Kerberos properties under $SDC_CONF/sdc.properties:

    1) kerberos.client.enabled=true

    2) kerberos.client.principal=sdc/HOSTNAME.FQDN@MYCOMPANY.REALM

    3) kerberos.client.keytab=/etc/security/keytabs/myService.keytab

  • Started sdc with systemctl again and it worked as expected

Inside $SDC_CONF/sdc.properties it is declared that the principal should be a service principal! Since my old keytab file was headless and the given principal name in sdc.properties was without FQDN, sdc replaced the principal name with the FQDN. Therefore the declared principal name was different to my old keytab file and it didn't work.

Thanks everyone.
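
The mismatch described in the post above can be caught before sdc is restarted by comparing the principal configured in sdc.properties with the principals actually stored in the keytab. The following is an added example, not part of the original post and not StreamSets code: it assumes the MIT keytab file format version 0x0502, the function names are hypothetical, and `sample_keytab` builds constructed test data with a dummy key.

```python
import struct

def keytab_principals(data):
    """List the principals in an MIT keytab (file format version 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    names, pos = set(), 2
    while pos + 4 <= len(data):
        (size,), pos = struct.unpack_from(">i", data, pos), pos + 4
        if size > 0:  # a negative size marks a deleted slot, skipped below
            (count,) = struct.unpack_from(">H", data, pos)
            off, parts = pos + 2, []
            for _ in range(count + 1):  # realm first, then the name components
                (n,) = struct.unpack_from(">H", data, off)
                parts.append(data[off + 2:off + 2 + n].decode())
                off += 2 + n
            names.add("/".join(parts[1:]) + "@" + parts[0])
        pos += abs(size)
    return names

def configured_principal(props_text):
    """Value of kerberos.client.principal in sdc.properties text, or ''."""
    for line in props_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "kerberos.client.principal":
            return value.strip()
    return ""

def check(props_text, keytab_bytes):
    """Return a list of problems; an empty list means config and keytab agree."""
    principal, problems = configured_principal(props_text), []
    if "/" not in principal.split("@")[0]:
        problems.append("headless principal configured: %r" % principal)
    found = keytab_principals(keytab_bytes)
    if principal not in found:
        problems.append("%r not in keytab, which holds %s" % (principal, sorted(found)))
    return problems

def sample_keytab(principal):
    """Constructed test data: a one-entry keytab with an all-zero dummy key."""
    name, realm = principal.split("@")
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">H", name.count("/") + 1) + cs(realm)
    body += b"".join(cs(c) for c in name.split("/"))
    body += struct.pack(">IIBHH", 1, 0, 1, 18, 32) + bytes(32)  # type, time, kvno, key
    return b"\x05\x02" + struct.pack(">i", len(body)) + body

SDC_PROPERTIES = "kerberos.client.principal=sdc/HOSTNAME.FQDN@MYCOMPANY.REALM\n"
print(check(SDC_PROPERTIES, sample_keytab("sdc/HOSTNAME.FQDN@MYCOMPANY.REALM")))
print(check(SDC_PROPERTIES, sample_keytab("sdc@MYCOMPANY.REALM")))
```

On a real host, pass the text of $SDC_CONF/sdc.properties and the bytes of the keytab file; the comparison is an exact string match, so host name case and realm must agree.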
