Hello, I have set up one way cross realm auth from AD to MIT Kerberos and am able to successfully kinit and submit jobs to the cluster. When I try to access the jobs from curl/browser, I get the below error.
hugo@cdh512-1 ~]$ curl --insecure -i --negotiate -u : https://cdh512-1.test.com:19890/jobhistory/job/job_1505548356450_0001 HTTP/1.1 401 Authentication required Cache-Control: must-revalidate,no-cache,no-store Date: Sat, 16 Sep 2017 09:53:29 GMT Pragma: no-cache Date: Sat, 16 Sep 2017 09:53:29 GMT Pragma: no-cache Content-Type: text/html; charset=iso-8859-1 X-FRAME-OPTIONS: SAMEORIGIN WWW-Authenticate: Negotiate Set-Cookie: hadoop.auth=; Path=/; Secure; HttpOnly Content-Length: 1430 <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/> <title>Error 401 Authentication required</title> </head> <body><h2>HTTP ERROR 401</h2> <p>Problem accessing /jobhistory/job/job_1505548356450_0001. Reason: <pre> Authentication required</pre></p><hr /><i><small>Powered by Jetty://</small></i><br/> <br/> [hugo@cdh512-1 ~]$ klist -fe Ticket cache: FILE:/tmp/krb5cc_1672225963 Default principal: h...@ad.test.com Valid starting Expires Service principal 09/16/2017 00:49:34 09/16/2017 01:04:32 krbtgt/ad.test....@ad.test.com renew until 09/16/2017 01:07:40, Flags: FRIA Etype (skey, tkt): aes256-cts-hmac-sha1-96, aes256-cts-hmac-sha1-96 But I can submit and run jobs and access HDFS. [hugo@cdh512-1 ~]$ hdfs dfs -ls Found 1 items drwx------ - hugo hugo 0 2017-09-16 00:55 .staging Any ideas what am i missing. I tried different key types but that didn't help. Thanks, Hugo