Hello together,

 

Hope this mailing list is the correct place to ask.

 

I'm trying to retrieve data from the hdf (hortonworks dataflow) schema registry that has kerberos enabled.

 

I'm using the following command:

 

curl -v --negotiate -u : sandbox-hdf.hortonworks.com:7788

 

Before doing this i used kinit to get a ticket from kerberos.

 

I currently get the following output:

 

* Rebuilt URL to: sandbox-hdf.hortonworks.com:7788/
*   Trying 192.168.0.170...
* TCP_NODELAY set
* Connected to sandbox-hdf.hortonworks.com (192.168.0.170) port 7788 (#0)
> GET / HTTP/1.1
> Host: sandbox-hdf.hortonworks.com:7788
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 401 Authentication required
< Server: nginx/1.15.0
< Date: Fri, 30 Nov 2018 09:28:55 GMT
< Content-Type: text/html;charset=iso-8859-1
< Content-Length: 260
< Connection: keep-alive
< WWW-Authenticate: Negotiate
< Set-Cookie: hadoop.auth=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
< Cache-Control: must-revalidate,no-cache,no-store
< 
* Ignoring the response-body
* Connection #0 to host sandbox-hdf.hortonworks.com left intact
* Issue another request to this URL: 'http://sandbox-hdf.hortonworks.com:7788/'
* Found bundle for host sandbox-hdf.hortonworks.com: 0x560745e63680 [can pipeline]
* Re-using existing connection! (#0) with host sandbox-hdf.hortonworks.com
* Connected to sandbox-hdf.hortonworks.com (192.168.0.170) port 7788 (#0)
* Server auth using Negotiate with user ''
> GET / HTTP/1.1
> Host: sandbox-hdf.hortonworks.com:7788
> Authorization: Negotiate YIICnwYGKwYBBQUCoIICkzCCAo+gDTALBgkqhkiG9xIBAgKiggJ8BIICeGCCAnQGCSqGSIb3EgECAgEAboICYzCCAl+gAwIBBaEDAgEOogcDBQAgAAAAo4IBdmGCAXIwggFuoAMCAQWhCxsJQk9TLkxPQ0FMoi4wLKADAgEDoSUwIxsESFRUUBsbc2FuZGJveC1oZGYuaG9ydG9ud29ya3MuY29to4IBKDCCASSgAwIBEqEDAgEBooIBFgSCARLjVduQXWgzw3z7DuqdW0+eaXMYw2UKRbRs6tW9roVe03BT0PHfaX1ohFHJM+LVVo9aInpoQBxJoXj8Rm/0Pg2PxYWehZxIFOAn746ZRNIT/i8dQ0/ZjJOj37YAPZ+uaSzrL/U/8NGqBj1QS0e0KazZmEXEkbxxqaMk2V8iADOEwI41VU4SXr5EKvrIF+svC+rXh/2llDBx1EVO6wux7hw6/evf0+OasnlpuP3FU3UwaAnAC1+9KayMAFOgcvhKtYbA4c8d7XLNQ39FhfY5iOWeVRX3jgfHsi+gAsuWaeaTL9k/HtJJLR/KVu5E4IB8wPSiyjhlcZgPCSoHGPZxULN2dTNSD4xP4d6Z7AVeYwmx/8HUpIHPMIHMoAMCARKigcQEgcF+vHtra5N8crh2woxyNi4iDB7So4FTPExAB/XiJCQMywj4cJzoGpfKmz4qNpUw2N/jRQPV4/AhKRnUlmIGLx7VzCve4jpZSmy2Yo4w022G6pB1IgqFVVdYr/xJh0OL4UUm+KWwqxphQFh+pw2W1Jpg0Jrp3TEK8byy26vrvBoZ68YSQTLZssKIiLGCBOe1uQV91H090SDj4+yT+Eack4TG8alOF1EizM+Dcfn6qhcMkL1aVDwMKH2xkwawtRaCp5W9
> User-Agent: curl/7.58.0
> Accept: */*
> 
< HTTP/1.1 403 GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)
< Server: nginx/1.15.0
< Date: Fri, 30 Nov 2018 09:28:55 GMT
< Content-Type: text/html;charset=iso-8859-1
< Content-Length: 418
< Connection: keep-alive
< Set-Cookie: hadoop.auth=; Expires=Thu, 01-Jan-1970 00:00:00 GMT; HttpOnly
< Cache-Control: must-revalidate,no-cache,no-store
< 
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8"/>
<title>Error 403 GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)</title>
</head>
<body><h2>HTTP ERROR 403</h2>
<p>Problem accessing /. Reason:
<pre>    GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos credentails)</pre></p>
</body>
</html>
* Closing connection 0
 

I'm a bit confused how it manages to negotiate with kerberos (at least i guess that's what this long blob after Authorization: Negotiate means) but it still says 'No valid credentials provided'

 

Can anyone tell me what I'm missing here or point me into the right direction?

 

Thanks in advance and a nice day