more information about the Kerberos connection can be found in the debug log. You can enable and view them in the preferences → KNIME → Kerberos. Does this already solve the issue? If not, what Kerberos Server are you using?
I guess in the second image, the working knime_4_3_0 is on the right side and the non-working knime_4_6_0 on the left side? The posted logs are hard to read, and the important things are possible outside the window. Feel free to open a support ticket and provide the logs there, in a more secure way.
Are you using krb.conf inside KNIME, and if yes, do you have any encryption related setting in it?
Hi,
We are using cdp version 7.4.4.
I read the encryption type on the documentation and it looks like this:
Cloudera Manager allows you to configure the encryption types (or enctype) used by an Active Directory KDC to protect its data. Cloudera supports the following encryption types:
rc4-hmac
aes128-cts
aes256-cts
des-cbc-crc
des-cbc-md5
RC4 is considered weak since years and should not be used anymore.
You have to find an encryption that both, Java/KNIME and your Kerberos Server supports. What Kerberos server are you using? MIT, Microsoft Active Directory or some other?
We use kerberos on Active Directory (windows server 2016).
Ok RC4 is deprecated, but aes256-cts?
Anyway I wanted to try to change the jdk on knime to see what happens, but with knime 4.3 I can, with knime 4.6 no? Why this?
KNIME requires a recent Java version, old Java versions are not supported anymore and this is a security problem, that’s why you can’t downgrade the Java version.
Hi Sasha,
Maybe we use both keys for the kerberos connection to hadoop, so I can login but not the hadoop connection.
But I would need to know which version of java uses knime 4_6_0 → jdk, jre and jvm, to understand the problem with the kerberos server.
Can you provide me with this information?
you can find the Java Version in the KNIME AP this way:
Help → About KNIME Analytics Platform → Installation Details
Then search JRE in the new Dialog on the Plug-Ins Tab
In the latest Version of KNIME (4.6.3) this is Java 17.0.3.
If you are working in a test setup, adding allow_weak_crypto = true to your krb5.conf might be something as a quick workaround (see here). Please note that RC4 is considered weak and a security risk.