To enable Kerberos for ZooKeeper, follow the steps below:
1) Set up an external ZooKeeper.
2) Create the file conf/jaas.conf, which contains the server keytab and principal.
Server {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="/zookeeper/conf/zkpr.keytab"
    storeKey=true
    useTicketCache=false
    principal="zookeeper/localhost@EXAMPLE.COM";
};
3) Create the file conf/java.env:
export JVMFLAGS="-Djava.security.auth.login.config=/zookeeper/conf/jaas.conf"
export...
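An added example (not from the original post) that checks a jaas.conf Server section against the option values shown in step 2 and, optionally, that the keytab file is not accessible to group or other. The helper names and the file-permission check are assumptions of this example.

```python
import os
import re
# Constructed sample: the Server section from step 2 of the page.
SAMPLE_JAAS = """Server {
  com.sun.security.auth.module.Krb5LoginModule required
  useKeyTab=true
  keyTab="/zookeeper/conf/zkpr.keytab"
  storeKey=true
  useTicketCache=false
  principal="zookeeper/localhost@EXAMPLE.COM";
};"""

EXPECTED = {"useKeyTab": "true", "storeKey": "true", "useTicketCache": "false"}  # values used on the page

def parse_section(text, name="Server"):
    """Return (login_module, options) for one JAAS section, or None if absent."""
    m = re.search(r"\b%s\s*\{(.*?)\}\s*;" % re.escape(name), text, re.S)
    if not m:
        return None
    parts = m.group(1).strip().rstrip(";").split(None, 2)
    if len(parts) < 3:
        return None
    pairs = re.findall(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s;]+))', parts[2])
    return parts[0], {k: quoted or bare for k, quoted, bare in pairs}

def check_server_section(text, check_files=False):
    """List deviations from the page's Server section (hypothetical helper)."""
    parsed = parse_section(text)
    if parsed is None:
        return ["no usable Server section"]
    module, opts = parsed
    findings = []
    if not module.endswith(".Krb5LoginModule"):
        findings.append("login module is not Krb5LoginModule: " + module)
    for key, want in EXPECTED.items():
        if opts.get(key) != want:
            findings.append("%s should be %s, found %r" % (key, want, opts.get(key)))
    if not re.fullmatch(r"[^/@\s]+/[^/@\s]+@[^/@\s]+", opts.get("principal", "")):
        findings.append("principal is not service/host@REALM")
    keytab = opts.get("keyTab")
    if not keytab:
        findings.append("keyTab is missing")
    elif check_files:
        # A keytab holds long-term keys: only the owning account should read it.
        if not os.path.isfile(keytab):
            findings.append("keytab not found: " + keytab)
        elif os.stat(keytab).st_mode & 0o077:
            findings.append("keytab is accessible to group/other: " + keytab)
    return findings
```

Call `check_server_section(open("/zookeeper/conf/jaas.conf").read(), check_files=True)` on the ZooKeeper host; an empty list means the section matches the settings above and the keytab is owner-only.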
Here are some of the errors you may face while setting up Kerberos-enabled Hadoop:
1) Be sure to validate your ticket and keytab file.
Ticket Validation:
klist
Output:
Ticket cache: FILE:/tmp/krb5cc_1001
Default principal: zookeeper/localhost@EXAMPLE.COM
Valid starting       Expires              Service principal
2017-05-22T18:40:52  2017-05-23T04:40:52  krbtgt/EXAMPLE.COM@EXAMPLE.COM
        renew until 2017-05-29T18:40:52
Keytab validation:
kinit...
For YARN, add the following properties in yarn-site.xml:
<!-- resource manager secure configuration info -->
<property>
<name>yarn.resourcemanager.principal</name>
<value><PRINCIPAL></value>
</property>
<property>
<name>yarn.resourcemanager.keytab</name>
<value><KEYTAB_PATH></value>
</property>
<!-- remember the principal for the node manager is the principal for the host this...
1) Add the following properties in hdfs-site.xml:
<!-- NameNode security config -->
<property>
<name>dfs.namenode.keytab.file</name>
<value><KEYTAB_PATH></value> <!-- path to the HDFS keytab -->
</property>
<property>
<name>dfs.namenode.kerberos.principal</name>
<value><PRINCIPAL></value>
</property>
<property>
<name>dfs.datanode.keytab.file</name>
...