Allow all Kerberos principals to issue renewable tickets

Without this change if the krb5.conf is configured to issue renewable
tickets by adding a non-zero `renew_lifetime` entry the JDK runs into
errors like

    RuntimeException: LoginException: Message stream modified (41)

This is related to the JDK bug
https://bugs.openjdk.java.net/browse/JDK-8131051 and can be worked
around by configuring the principals differently.

testing/cdh5.15-hive-kerberized-kms/Dockerfile

@@ -18,6 +18,7 @@ COPY ./files /
 RUN /usr/bin/extract_rpms.sh hadoop-kms
 
 FROM testing/cdh5.15-hive-kerberized:unlabelled
+ARG ADDPRINC_ARGS="-maxrenewlife \"10 days\" +allow_renewable"
 COPY --from=builder /rpms/ /rpms/
 
 RUN set -xeu \
@@ -38,7 +39,7 @@ RUN set -xeu && \
     for username in alice bob charlie; do \
         groupadd "${username}_group" && \
         useradd -g "${username}_group" "${username}" && \
-        /usr/sbin/kadmin.local -q "addprinc -randkey ${username}/hadoop-master@LABS.TERADATA.COM" && \
+        /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey ${username}/hadoop-master@LABS.TERADATA.COM" && \
         /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/hive/conf/${username}.keytab ${username}/hadoop-master"; \
     done && \
     echo OK

testing/cdh5.15-hive-kerberized/Dockerfile

@@ -12,6 +12,8 @@
 
 FROM testing/cdh5.15-hive:unlabelled
 
+ARG ADDPRINC_ARGS="-maxrenewlife \"10 days\" +allow_renewable"
+
 # INSTALL KERBEROS
 RUN yum install -y krb5-libs krb5-server krb5-workstation
 
@@ -25,10 +27,10 @@ RUN /usr/local/bin/apply-all-site-xml-overrides /overrides && rm -Rf /overrides
 RUN /usr/sbin/kdb5_util create -s -P password
 
 # ADD HADOOP PRINCIPALS
-RUN /usr/sbin/kadmin.local -q "addprinc -randkey hdfs/hadoop-master@LABS.TERADATA.COM" \
-  && /usr/sbin/kadmin.local -q "addprinc -randkey mapred/hadoop-master@LABS.TERADATA.COM" \
-  && /usr/sbin/kadmin.local -q "addprinc -randkey yarn/hadoop-master@LABS.TERADATA.COM" \
-  && /usr/sbin/kadmin.local -q "addprinc -randkey HTTP/hadoop-master@LABS.TERADATA.COM" 
+RUN /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hdfs/hadoop-master@LABS.TERADATA.COM" \
+  && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey mapred/hadoop-master@LABS.TERADATA.COM" \
+  && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey yarn/hadoop-master@LABS.TERADATA.COM" \
+  && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey HTTP/hadoop-master@LABS.TERADATA.COM" 
 
 # CREATE HADOOP KEYTAB FILES
 RUN /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/hadoop/conf/hdfs.keytab hdfs/hadoop-master HTTP/hadoop-master" \
@@ -42,7 +44,7 @@ RUN chown hdfs:hadoop /etc/hadoop/conf/hdfs.keytab \
   && chmod 644 /etc/hadoop/conf/*.keytab
 
 # CREATE HIVE PRINCIPAL AND KEYTAB
-RUN /usr/sbin/kadmin.local -q "addprinc -randkey hive/hadoop-master@LABS.TERADATA.COM" \
+RUN /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hive/hadoop-master@LABS.TERADATA.COM" \
   && /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/hive/conf/hive.keytab hive/hadoop-master"
 RUN chown hive:hadoop /etc/hive/conf/hive.keytab \
   && chmod 644 /etc/hive/conf/hive.keytab
@@ -53,12 +55,12 @@ RUN chmod 6050 /etc/hadoop/conf/container-executor.cfg
 # Create legacy Presto and updated Trino principals and add them to keytabs
 RUN set -xeu && \
   for hostname in presto-master trino-coordinator presto-worker trino-worker presto-worker-1 trino-worker-1 presto-worker-2 trino-worker-2; do \
-      /usr/sbin/kadmin.local -q "addprinc -randkey presto-server/${hostname}.docker.cluster@LABS.TERADATA.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey trino-server/${hostname}.docker.cluster@LABS.TERADATA.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey HTTP/${hostname}.docker.cluster@LABS.TERADATA.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey presto-client/${hostname}.docker.cluster@LABS.TERADATA.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey trino-client/${hostname}.docker.cluster@LABS.TERADATA.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey hive/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey presto-server/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey trino-server/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey HTTP/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey presto-client/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey trino-client/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hive/${hostname}.docker.cluster@LABS.TERADATA.COM" \
       && mkdir -p /etc/trino/conf \
       && /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/trino/conf/presto-server.keytab presto-server/${hostname}.docker.cluster" \
       && /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/trino/conf/trino-server.keytab trino-server/${hostname}.docker.cluster" \

testing/hdp2.6-hive-kerberized-2/Dockerfile

@@ -12,6 +12,8 @@
 
 FROM testing/hdp2.6-hive:unlabelled
 
+ARG ADDPRINC_ARGS="-maxrenewlife \"10 days\" +allow_renewable"
+
 # INSTALL KERBEROS
 RUN yum install -y krb5-libs krb5-server krb5-workstation \
   && yum -y clean all && rm -rf /tmp/* /var/tmp/*
@@ -26,10 +28,10 @@ RUN /usr/local/bin/apply-all-site-xml-overrides /overrides && rm -Rf /overrides
 RUN /usr/sbin/kdb5_util create -s -P password
 
 # ADD HADOOP PRINCIPALS
-RUN /usr/sbin/kadmin.local -q "addprinc -randkey hdfs/hadoop-master-2@OTHERREALM.COM" \
-  && /usr/sbin/kadmin.local -q "addprinc -randkey mapred/hadoop-master-2@OTHERREALM.COM" \
-  && /usr/sbin/kadmin.local -q "addprinc -randkey yarn/hadoop-master-2@OTHERREALM.COM" \
-  && /usr/sbin/kadmin.local -q "addprinc -randkey HTTP/hadoop-master-2@OTHERREALM.COM"
+RUN /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hdfs/hadoop-master-2@OTHERREALM.COM" \
+  && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey mapred/hadoop-master-2@OTHERREALM.COM" \
+  && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey yarn/hadoop-master-2@OTHERREALM.COM" \
+  && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey HTTP/hadoop-master-2@OTHERREALM.COM"
 
 # CREATE HADOOP KEYTAB FILES
 RUN /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/hadoop/conf/hdfs.keytab hdfs/hadoop-master-2 HTTP/hadoop-master-2" \
@@ -43,20 +45,20 @@ RUN chown hdfs:hadoop /etc/hadoop/conf/hdfs.keytab \
   && chmod 644 /etc/hadoop/conf/*.keytab
 
 # CREATE HIVE PRINCIPAL AND KEYTAB
-RUN /usr/sbin/kadmin.local -q "addprinc -randkey hive/hadoop-master-2@OTHERREALM.COM" \
+RUN /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hive/hadoop-master-2@OTHERREALM.COM" \
   && /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/hive/conf/hive.keytab hive/hadoop-master-2"
 RUN chown hive:hadoop /etc/hive/conf/hive.keytab \
   && chmod 644 /etc/hive/conf/hive.keytab
 
 # Create legacy Presto and updated Trino principals and add them to keytabs
 RUN set -xeu && \
   for hostname in presto-master trino-coordinator presto-worker trino-worker presto-worker-1 trino-worker-1 presto-worker-2 trino-worker-2; do \
-      /usr/sbin/kadmin.local -q "addprinc -randkey presto-server/${hostname}.docker.cluster@OTHERREALM.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey trino-server/${hostname}.docker.cluster@OTHERREALM.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey HTTP/${hostname}.docker.cluster@OTHERREALM.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey presto-client/${hostname}.docker.cluster@OTHERREALM.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey trino-client/${hostname}.docker.cluster@OTHERREALM.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey hive/${hostname}.docker.cluster@OTHERREALM.COM" \
+      /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey presto-server/${hostname}.docker.cluster@OTHERREALM.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey trino-server/${hostname}.docker.cluster@OTHERREALM.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey HTTP/${hostname}.docker.cluster@OTHERREALM.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey presto-client/${hostname}.docker.cluster@OTHERREALM.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey trino-client/${hostname}.docker.cluster@OTHERREALM.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hive/${hostname}.docker.cluster@OTHERREALM.COM" \
       && mkdir -p /etc/trino/conf \
       && /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/trino/conf/presto-server.keytab presto-server/${hostname}.docker.cluster" \
       && /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/trino/conf/trino-server.keytab trino-server/${hostname}.docker.cluster" \

testing/hdp2.6-hive-kerberized/Dockerfile

@@ -12,6 +12,8 @@
 
 FROM testing/hdp2.6-hive:unlabelled
 
+ARG ADDPRINC_ARGS="-maxrenewlife \"10 days\" +allow_renewable"
+
 # INSTALL KERBEROS
 RUN yum install -y krb5-libs krb5-server krb5-workstation \
   && yum -y clean all && rm -rf /tmp/* /var/tmp/*
@@ -29,10 +31,10 @@ RUN /usr/sbin/kdb5_util create -s -P password
 RUN /usr/sbin/kdb5_util create -d /var/kerberos/krb5kdc/principal-other -r OTHERLABS.TERADATA.COM -s -P password
 
 # ADD HADOOP PRINCIPALS
-RUN /usr/sbin/kadmin.local -q "addprinc -randkey hdfs/hadoop-master@LABS.TERADATA.COM" \
-  && /usr/sbin/kadmin.local -q "addprinc -randkey mapred/hadoop-master@LABS.TERADATA.COM" \
-  && /usr/sbin/kadmin.local -q "addprinc -randkey yarn/hadoop-master@LABS.TERADATA.COM" \
-  && /usr/sbin/kadmin.local -q "addprinc -randkey HTTP/hadoop-master@LABS.TERADATA.COM"
+RUN /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hdfs/hadoop-master@LABS.TERADATA.COM" \
+  && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey mapred/hadoop-master@LABS.TERADATA.COM" \
+  && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey yarn/hadoop-master@LABS.TERADATA.COM" \
+  && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey HTTP/hadoop-master@LABS.TERADATA.COM"
 
 # CREATE HADOOP KEYTAB FILES
 RUN /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/hadoop/conf/hdfs.keytab hdfs/hadoop-master HTTP/hadoop-master" \
@@ -46,36 +48,36 @@ RUN chown hdfs:hadoop /etc/hadoop/conf/hdfs.keytab \
   && chmod 644 /etc/hadoop/conf/*.keytab
 
 # CREATE HIVE PRINCIPAL AND KEYTAB
-RUN /usr/sbin/kadmin.local -q "addprinc -randkey hive/hadoop-master@LABS.TERADATA.COM" \
+RUN /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hive/hadoop-master@LABS.TERADATA.COM" \
   && /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/hive/conf/hive.keytab hive/hadoop-master"
 RUN chown hive:hadoop /etc/hive/conf/hive.keytab \
   && chmod 644 /etc/hive/conf/hive.keytab
 
 # CREATE HIVE PRINCIPAL IN THE OTHER REALM
-RUN /usr/sbin/kadmin.local -r OTHERLABS.TERADATA.COM -d /var/kerberos/krb5kdc/principal-other -q "addprinc -randkey hive/hadoop-master@OTHERLABS.TERADATA.COM" \
+RUN /usr/sbin/kadmin.local -r OTHERLABS.TERADATA.COM -d /var/kerberos/krb5kdc/principal-other -q "addprinc ${ADDPRINC_ARGS} -randkey hive/hadoop-master@OTHERLABS.TERADATA.COM" \
   && /usr/sbin/kadmin.local -r OTHERLABS.TERADATA.COM -d /var/kerberos/krb5kdc/principal-other -q "xst -norandkey -k /etc/hive/conf/hive-other.keytab hive/hadoop-master"
 RUN chown hive:hadoop /etc/hive/conf/hive-other.keytab \
   && chmod 644 /etc/hive/conf/hive-other.keytab
 
 # CREATE HDFS PRINCIPAL IN OTHER REALM
-RUN /usr/sbin/kadmin.local -r OTHERLABS.TERADATA.COM -d /var/kerberos/krb5kdc/principal-other -q "addprinc -randkey hdfs/hadoop-master@OTHERLABS.TERADATA.COM" \
+RUN /usr/sbin/kadmin.local -r OTHERLABS.TERADATA.COM -d /var/kerberos/krb5kdc/principal-other -q "addprinc ${ADDPRINC_ARGS} -randkey hdfs/hadoop-master@OTHERLABS.TERADATA.COM" \
   && /usr/sbin/kadmin.local -r OTHERLABS.TERADATA.COM -d /var/kerberos/krb5kdc/principal-other -q "xst -norandkey -k /etc/hadoop/conf/hdfs-other.keytab hdfs/hadoop-master"
 RUN chown hdfs:hadoop /etc/hadoop/conf/hdfs-other.keytab \
   && chmod 644 /etc/hadoop/conf/hdfs-other.keytab
 
 # MAKE 'LABS.TERADATA.COM' TRUST 'OTHERLABS.TERADATA.COM'
-RUN /usr/sbin/kadmin.local -q "addprinc -pw 123456 krbtgt/LABS.TERADATA.COM@OTHERLABS.TERADATA.COM"
-RUN /usr/sbin/kadmin.local -r OTHERLABS.TERADATA.COM -d /var/kerberos/krb5kdc/principal-other -q "addprinc -pw 123456 krbtgt/LABS.TERADATA.COM"
+RUN /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -pw 123456 krbtgt/LABS.TERADATA.COM@OTHERLABS.TERADATA.COM"
+RUN /usr/sbin/kadmin.local -r OTHERLABS.TERADATA.COM -d /var/kerberos/krb5kdc/principal-other -q "addprinc ${ADDPRINC_ARGS} -pw 123456 krbtgt/LABS.TERADATA.COM"
 
 # Create legacy Presto and Trino principals and add them to keytabs
 RUN set -xeu && \
   for hostname in presto-master trino-coordinator presto-worker trino-worker presto-worker-1 trino-worker-1 presto-worker-2 trino-worker-2; do \
-      /usr/sbin/kadmin.local -q "addprinc -randkey presto-server/${hostname}.docker.cluster@LABS.TERADATA.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey trino-server/${hostname}.docker.cluster@LABS.TERADATA.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey HTTP/${hostname}.docker.cluster@LABS.TERADATA.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey presto-client/${hostname}.docker.cluster@LABS.TERADATA.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey trino-client/${hostname}.docker.cluster@LABS.TERADATA.COM" \
-      && /usr/sbin/kadmin.local -q "addprinc -randkey hive/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey presto-server/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey trino-server/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey HTTP/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey presto-client/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey trino-client/${hostname}.docker.cluster@LABS.TERADATA.COM" \
+      && /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hive/${hostname}.docker.cluster@LABS.TERADATA.COM" \
       && mkdir -p /etc/trino/conf \
       && /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/trino/conf/presto-server.keytab presto-server/${hostname}.docker.cluster" \
       && /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/trino/conf/trino-server.keytab trino-server/${hostname}.docker.cluster" \

testing/hdp3.1-hive-kerberized-2/Dockerfile

@@ -12,6 +12,8 @@
 
 FROM testing/hdp3.1-hive:unlabelled
 
+ARG ADDPRINC_ARGS="-maxrenewlife \"10 days\" +allow_renewable"
+
 # Install Kerberos
 RUN yum install -y krb5-libs krb5-server krb5-workstation \
   && yum -y clean all \
@@ -29,7 +31,7 @@ RUN /usr/sbin/kdb5_util create -s -P password
 
 # Add Hadoop principals
 RUN for name in hdfs mapred yarn HTTP; do \
-    /usr/sbin/kadmin.local -q "addprinc -randkey $name/hadoop-master-2@OTHERREALM.COM"; \
+    /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey $name/hadoop-master-2@OTHERREALM.COM"; \
   done
 
 # Create Hadoop keytab files
@@ -42,7 +44,7 @@ RUN for name in hdfs mapred yarn; do \
   && chmod 644 /etc/hadoop/conf/*.keytab
 
 # Create Hive principal and keytab
-RUN /usr/sbin/kadmin.local -q "addprinc -randkey hive/hadoop-master-2@OTHERREALM.COM" \
+RUN /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hive/hadoop-master-2@OTHERREALM.COM" \
   && /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/hive/conf/hive.keytab hive/hadoop-master-2" \
   && chown hive:hadoop /etc/hive/conf/hive.keytab \
   && chmod 644 /etc/hive/conf/hive.keytab
@@ -51,12 +53,12 @@ RUN /usr/sbin/kadmin.local -q "addprinc -randkey hive/hadoop-master-2@OTHERREALM
 RUN set -xeu \
   && mkdir -p /etc/trino/conf \
   && for hostname in presto-master trino-coordinator presto-worker trino-worker presto-worker-1 trino-worker-1 presto-worker-2 trino-worker-2; do \
-      /usr/sbin/kadmin.local -q "addprinc -randkey presto-server/${hostname}.docker.cluster@OTHERREALM.COM"; \
-      /usr/sbin/kadmin.local -q "addprinc -randkey trino-server/${hostname}.docker.cluster@OTHERREALM.COM"; \
-      /usr/sbin/kadmin.local -q "addprinc -randkey HTTP/${hostname}.docker.cluster@OTHERREALM.COM"; \
-      /usr/sbin/kadmin.local -q "addprinc -randkey presto-client/${hostname}.docker.cluster@OTHERREALM.COM"; \
-      /usr/sbin/kadmin.local -q "addprinc -randkey trino-client/${hostname}.docker.cluster@OTHERREALM.COM"; \
-      /usr/sbin/kadmin.local -q "addprinc -randkey hive/${hostname}.docker.cluster@OTHERREALM.COM"; \
+      /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey presto-server/${hostname}.docker.cluster@OTHERREALM.COM"; \
+      /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey trino-server/${hostname}.docker.cluster@OTHERREALM.COM"; \
+      /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey HTTP/${hostname}.docker.cluster@OTHERREALM.COM"; \
+      /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey presto-client/${hostname}.docker.cluster@OTHERREALM.COM"; \
+      /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey trino-client/${hostname}.docker.cluster@OTHERREALM.COM"; \
+      /usr/sbin/kadmin.local -q "addprinc ${ADDPRINC_ARGS} -randkey hive/${hostname}.docker.cluster@OTHERREALM.COM"; \
       /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/trino/conf/presto-server.keytab presto-server/${hostname}.docker.cluster"; \
       /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/trino/conf/trino-server.keytab trino-server/${hostname}.docker.cluster"; \
       /usr/sbin/kadmin.local -q "xst -norandkey -k /etc/trino/conf/presto-server-HTTP.keytab HTTP/${hostname}.docker.cluster"; \