I have 5 node RH clluster & 1 AD. I used centrify express to integrate with AD.
HW distribution.
enabled kerberos and stored all SPN's on AD by creating a seperate OU.
when i try with UPN it just works fine:
[rvchinta@mas1 ~]$ klist
Ticket cache: FILE:/tmp/krb5cc_cdc205522005_Tw5Vfh
Default principal: rvchinta@CHRSV.COM
Valid starting Expires Service principal
05/12/17 10:32:30 05/12/17 20:32:30 krbtgt/CHRSV.COM@CHRSV.COM
renew until 05/19/17 10:32:30
[rvchinta@mas1 ~]$ hdfs dfs -ls /
Found 11 items
drwxrwxrwx - yarn hadoop 0 2017-05-08 21:14 /app-logs
drwxr-xr-x - hdfs hdfs 0 2017-05-08 21:16 /apps
drwxr-xr-x - yarn hadoop 0 2017-05-08 21:01 /ats
drwxr-xr-x - hdfs hdfs 0 2017-05-08 21:02 /hdp
drwxr-xr-x - mapred hdfs 0 2017-05-08 21:02 /mapred
drwxrwxrwx - mapred hadoop 0 2017-05-08 21:02 /mr-history
drwxr-xr-x - hdfs hdfs 0 2017-05-09 13:17 /ranger
drwxrwxrwx - spark hadoop 0 2017-05-12 10:53 /spark-history
drwxrwxrwx - spark hadoop 0 2017-05-12 10:52 /spark2-history
drwxrwxrwx - hdfs hdfs 0 2017-05-12 08:44 /tmp
drwxr-xr-x - hdfs hdfs 0 2017-05-09 10:05 /user
issue is with SPN
[root@mas1 rvchinta]# su hdfs
[hdfs@mas1 rvchinta]$ klist
klist: Credentials cache permissions incorrect while setting cache flags (ticket cache FILE:/tmp/krb5cc_cdc205522005_Tw5Vfh)
[hdfs@mas1 rvchinta]$ kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-hwhc@CHRSV.COM
[hdfs@mas1 rvchinta]$ klist
klist: Credentials cache permissions incorrect while setting cache flags (ticket cache FILE:/tmp/krb5cc_cdc205522005_Tw5Vfh)
[hdfs@mas1 rvchinta]$
how do i address this issue?