I don't think a Kerberos ticket without the hostname makes sense. You almost always need a valid hostname and DNS for Kerberos to work successfully.
Kevin Risden On Sun, Jun 23, 2019 at 10:54 AM Rakesh Enjala <rakesh.enj...@solix.com.invalid> wrote: > Hi Team, > > Enabled solrcloud-7.4.0 with kerberos. While creating a collection getting > below error > > org.apache.http.impl.auth.HttpAuthenticator; NEGOTIATE authentication > error: No valid credentials provided (Mechanism level: No valid credentials > provided (Mechanism level: Server not found in Kerberos database (7))) > org.apache.http.client.protocol.ResponseProcessCookies; Cookie rejected > [hadoop.auth="", version:0, domain:xxx.xxx.com, path:/, expiry:xxxx > Illegal > domain attribute "". Domain of origin: "localhost" > > enabled krb5 debug true and am able to find the actual problem is that > sname is HTTP/localh...@realm.com, it should be HTTP/@DOMAIN1.COM not the > localhost > > solr.in.sh > > SOLR_AUTH_TYPE="kerberos" > > SOLR_AUTHENTICATION_OPTS="-DauthenticationPlugin=org.apache.solr.security.KerberosPlugin > -Djava.security.auth.login.config=/solr/jaas.conf > -Dsun.security.krb5.debug=true -Dsolr.kerberos.cookie.domain= > -Dsolr.kerberos.name.rules=DEFAULT -Dsolr.kerberos.principal=HTTP/@ > DOMAIN1.COM -Dsolr.kerberos.keytab=/solr/HTTP.keytab" > > Please help me out! > *Regards,* > *Rakesh Enjala* >