Setting Up Kerberos With Local KDC And One-way Trust Fails (Doc ID 2054481.1)

Last updated on SEPTEMBER 11, 2015

Applies to:

Big Data Appliance Integrated Software - Version 4.2.0 and later
Linux x86-64

Symptoms

Enabled Kerberos in the BDA cluster and configured a one-way trust from the AD to the local KDC on the BDA. Unfortunately the configuration does not seem to be working. We get the following after successfully kiniting a user from the AD:

Caused by: GSSException: No valid credentials provided (Mechanism level: Fail to create credential. (63) - No service creds)
  at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:770)
  at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:248)
  at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179)
  at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:192)
  ... 40 more
Caused by: KrbException: Fail to create credential. (63) - No service creds
  at sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:156)
  at sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:458)
  at sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:693)
  ... 43 more

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms