My Oracle Support Banner

Enabling AES, Disabling RC4 Cipher Suites For Kerberos Encryption On Big Data Appliance (Doc ID 2930581.1)

Last updated on APRIL 17, 2023

Applies to:

Big Data Appliance Integrated Software - Version 4.13.0 to 5.2.0 [Release 4.10 to 5.0]
Information in this document applies to any platform.

Goal

To configure Kerberos encryption on Big Data Appliance (BDA) to enable AES cipher suites and disable RC4.

To configure Microsoft Active Directory (AD) to support AES cipher suites with Kerberos on BDA.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Goal
Solution
 Actions on Microsoft Active Directory
 Apply required patches
 Update CDH principal permissions
 Disable RC4
 Actions on Big Data Appliance
 Stop all services
 Update Kerberos settings in Cloudera Manager
 Deploy the new Kerberos client configuration
 Regenerate Kerberos credentials
 Start all services
 Troubleshooting
 Services fail to start with "KDC has no support for encryption type"
 YARN and HDFS fail to start
 HiveServer2 Web UI fails with HTTP 403
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.