Hadoop authentication method is set to SIMPLE but a Kerberos principal is – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-7.15

Before you dig into reading this guide, have you tried asking OpsGPT what this log means? You’ll receive a customized analysis of your log.

Try OpsGPT now for step-by-step guidance and tailored insights into your Elasticsearch operation.

Briefly, this error occurs when the Elasticsearch Hadoop plugin is configured to use SIMPLE authentication, but a Kerberos principal is provided. This mismatch in configuration and actual authentication method leads to the error. To resolve this, you can either change the authentication method to Kerberos in the Elasticsearch Hadoop settings or remove the Kerberos principal if it’s not required. Alternatively, ensure that the correct authentication method is set in the Hadoop configuration files.

For a complete solution to your to your search operation, try for free AutoOps for Elasticsearch & OpenSearch . With AutoOps and Opster’s proactive support, you don’t have to worry about your search operation – we take charge of it. Get improved performance & stability with less hardware.

This guide will help you check for common problems that cause the log ” Hadoop authentication method is set to [SIMPLE]; but a Kerberos principal is ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugins, repositories.

Log Context

Log “Hadoop authentication method is set to [SIMPLE]; but a Kerberos principal is ” classname is HdfsRepository.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

        // Check if the user added a principal to use; and that there is a keytab file provided
        String kerberosPrincipal = repositorySettings.get(CONF_SECURITY_PRINCIPAL);

        // Check to see if the authentication method is compatible
        if (kerberosPrincipal != null && authMethod.equals(AuthenticationMethod.SIMPLE)) {
            logger.warn("Hadoop authentication method is set to [SIMPLE]; but a Kerberos principal is " +
                "specified. Continuing with [KERBEROS] authentication.");
            SecurityUtil.setAuthenticationMethod(AuthenticationMethod.KERBEROS; hadoopConfiguration);
        } else if (kerberosPrincipal == null && authMethod.equals(AuthenticationMethod.KERBEROS)) {
            throw new RuntimeException("HDFS Repository does not support [KERBEROS] authentication without " +
                "a valid Kerberos principal and keytab. Please specify a principal in the repository settings with [" +


How helpful was this guide?

We are sorry that this post was not useful for you!

Let us improve this post!

Tell us how we can improve this post?