kerberos mit-kerberos

Kinit authentication does not create klist ticket


I've been trying to connect to an HDFS server protected by Kerberos for days.

I already have Kerberos for Windows installed here. And it shows me the valid/active ticket.

Kerberos 4.1 windows desktop GUI

But as I run 'Klist' on prompt, I see no tickets

CMD PROMPT Klist

If I run Kinit on prompt, it asks for my password and returns 'Authenticated to Kerberos v5' but still does not show me any klist ticket.

CMD PROMPT KINIT

If I create a new ticket, using prompt or Kerberos GUI, it comes back showing me an active/valid ticket, but klist still does not.

I am trying to connect to hdfs using KerberosClient, but as I connect, somehow it does not "see" my active ticket (as klist too), so I got a connection denial.

I've set up the KRB5_CONFIG and KRB5CCNAME system variables to the folder exposed above.

What am I doing wrong?


Solution

  • Your system has two Kerberos libraries (MIT KfW & Windows SSPI) and two different klist tools:

    1. the Windows klist.exe, which only shows the Windows LSA in-memory ticket cache that will be used by "Windows native" SSPI-based applications;

    2. the MIT Kerberos klist.exe, which shows the file-based $KRB5CCNAME ticket cache that will be used by MIT "gssapi32.dll" GSSAPI-based applications.

    3. (sometimes also the Java JRE klist.exe as well!)

    If your HDFS client uses $KRB5CCNAME (e.g. if it uses GSSAPI via gssapi32.dll), then you need to run the MIT KfW klist.exe specifically. Use where.exe kinit to find out where it's located, then run it by full path.

    On the other hand, if your HDFS client uses SSPI, then MIT KfW won't help you much – it can access tickets in the "MSLSA:" cache, but as far as I know it cannot put new tickets there. (It is possible to easily make SSPI acquire tickets for non-AD Kerberos services, but that's a different topic.)
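
An added PowerShell diagnostic for the situation the answer above describes (not part of the original post): it lists every klist.exe and kinit.exe on PATH in resolution order with the vendor string from each file's version resource, reports what KRB5CCNAME and KRB5_CONFIG look like to the current process, and then runs each klist.exe by full path so the caches can be compared. The directory check is an assumption about a likely misconfiguration, based on MIT Kerberos reading an untyped KRB5CCNAME value as a cache file path.

```powershell
# Added example, not code from the original post.
# 1. Every klist.exe / kinit.exe on PATH, in the order the shell resolves them.
$tools = foreach ($name in 'klist.exe', 'kinit.exe') {
    $rank = 0
    Get-Command -Name $name -CommandType Application -All -ErrorAction SilentlyContinue |
        ForEach-Object {
            $rank += 1
            $info = (Get-Item -LiteralPath $_.Path).VersionInfo
            [pscustomobject]@{
                Tool       = $name
                PathOrder  = $rank
                RunsByName = ($rank -eq 1)   # what a bare "klist" / "kinit" starts
                Vendor     = $info.CompanyName
                Path       = $_.Path
            }
        }
}
$tools | Format-Table -AutoSize

# 2. The settings the MIT tools read from the environment of this process.
foreach ($var in 'KRB5CCNAME', 'KRB5_CONFIG') {
    $value = [Environment]::GetEnvironmentVariable($var)
    if (-not $value) {
        $note = 'not set in this process'
    }
    elseif ($var -eq 'KRB5CCNAME' -and $value -match '^(?<type>[A-Za-z]{2,}):') {
        # Two or more letters before the colon is a cache type, not a drive letter.
        $note = "typed cache name, type $($Matches.type)"
    }
    elseif (Test-Path -LiteralPath $value -PathType Container) {
        # Assumption: an untyped value is expected to name a file, not a folder.
        $note = 'points to a DIRECTORY, expected a file path'
    }
    elseif (Test-Path -LiteralPath $value -PathType Leaf) {
        $note = 'existing file'
    }
    else {
        $note = 'path does not exist (yet)'
    }
    '{0} = {1}  [{2}]' -f $var, $value, $note
}

# 3. Run each klist.exe by full path so the caches can be compared side by side.
foreach ($tool in $tools | Where-Object Tool -eq 'klist.exe') {
    "`n--- $($tool.Path) ($($tool.Vendor)) ---"
    & $tool.Path
}
```

Run it in the same console session that starts the HDFS client, so the PATH and environment variables it reports are the ones the client inherits.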