Hi,
My question is:
1.When kerberos in cdh5.14 has been hosted by cm, modify the kerberos configuration in cm, but /var/kerberos/krb5kdc/kdc.conf and /etc/krb5.conf are the same with before. It seems the kerberos configuration is in another position. Does anyone know this?
2.When flink 1.8 on cdh5.14 yarn is running, it reports GSS initiate failed {caused by GSSException: No valid credentials provided} after 24 hours, then the program fails and terminates. It is suspected that the kerberos ticket renew is failed. Is it because I configurated wrong? Or does flink1.8 still not support renew? When I originally used Spark, it would automatically renew.
My configuration:
1.flink-conf.yaml:
security.kerberos.login.use-ticket-cache: false
security.kerberos.login.keytab: /home/zjf/zjf.keytab
security.kerberos.login.contexts: Client,KafkaClient
zookeeper.sasl.service-name: zookeeper
zookeeper.sasl.login-context-name: Client
2./var/kerberos/krb5kdc/kdc.conf:
3./etc/krb5.conf:
I have added max_renewable_life configuration,and run "systemctl restart krb5kdc", and it didn't work。
then i check the kerberos debug log,see the following logs:
Forwardable Ticket true
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time =Fri Apr 30 14:38:36 CST 2021
Start Time =Fri Apr 30 14:38:36 CST 2021
End Time =Sat May 01 14:38:36 CST 2021
Renew Till = null
Can anyone help me? Thanks