Hadoop cluster is using Kerberos authentication. Testing the Hadoop cluster metadata connection by providing the keytab and service principal name (SPN), the following error is observed:
Caused by: java.io.IOException: Login failure for user @DOMAIN from keytab D:/Hadoop/Kerberos/Cloudera/key.keytab: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: Illegal principal name user @DOMAIN: org.apache.hadoop.security.authentication.util.KerberosName$NoMatchingRule: No rules applied to user @DOMAIN
Note: when generating the Kerberos ticket using keytab and SPN on the Hadoop node, the same error is observed.
The SPN (user@DOMAIN) does not match the rule specified on the Hadoop cluster. This is a Kerberos authentication issue of Hadoop.
Ensure that the service principal name (SPN) follows the rules defined in the Hadoop property: hadoop.security.auth_to_local.