Logging a Security Support Case

Before you log a support case, ensure you have either part or all of the following information to help Support investigate your case:

For security-specific issues, continue reading:

Kerberos Issues

For Kerberos issues, your krb5.conf and kdc.conf files are valuable for support to be able to understand your configuration.
If you are having trouble with client access to the cluster, provide the output for klist -ef after kiniting as the user account on the client host in question. Additionally, confirm that your ticket is renewable by running kinit -R after successfully kiniting.
Specify if you are authenticating (kiniting) with a user outside of the Hadoop cluster's realm (such as Active Directory, or another MIT Kerberos realm).
If using AES-256 encryption, ensure you have the Unlimited Strength JCE Policy Files deployed on all cluster and client nodes.

Specify whether you are using a private/commercial CA for your certificates, or if they are self-signed. Note that Cloudera strongly recommends against using self-signed certificates in production clusters.
Clarify what services you are attempting to setup TLS/SSL for in your description.
When troubleshooting TLS/SSL trust issues, provide the output of the following openssl command:
```
openssl s_client -connect host.fqdn.name:port
```

Specify the LDAP service in use (Active Directory, OpenLDAP, one of Oracle Directory Server offerings, OpenDJ, etc)
Provide a screenshot of the LDAP configuration screen you are working with if you are troubleshooting setup issues.
Be prepared to troubleshoot using the ldapsearch command (requires the openldap-clients package) on the host where LDAP authentication or authorization issues are being seen.