Hello,
Ambari is reporting the following errors:
WebHCat Server status CRIT for about a minute CRITICAL: Error doing kinit for nagios [kinit: Permission denied while getting initial credentials]
Oozie Server status CRIT for about a minute CRITICAL: Error doing kinit for nagios [kinit: Permission denied while getting initial credentials]
However, we were able to start all services with security enabled, including nagios.
In /var/log/nagios/nagios.log we see errors similar to the following (only the host names have been changed):
[1430341067] SERVICE ALERT: example02.example.com;WEBHCAT::WebHCat Server status;CRITICAL;HARD;3;CRITICAL: Error doing kinit for nagios [kinit: Permission denied while getting initial credentials]
[1430341067] SERVICE NOTIFICATION: sys_logger;example02.example.com;WEBHCAT::WebHCat Server status;CRITICAL;service_sys_logger;CRITICAL: Error doing kinit for nagios [kinit: Permission denied while getting initial credentials]
[1430341067] SERVICE NOTIFICATION: nagiosadmin;example02.example.com;WEBHCAT::WebHCat Server status;CRITICAL;notify-service-by-email;CRITICAL: Error doing kinit for nagios [kinit: Permission denied while getting initial credentials]
[1430341117] SERVICE ALERT: example03.example.com;OOZIE::Oozie Server status;CRITICAL;SOFT;2;CRITICAL: Error doing kinit for nagios [kinit: Permission denied while getting initial credentials]
[1430341177] SERVICE ALERT: example03.example.com;OOZIE::Oozie Server status;CRITICAL;HARD;3;CRITICAL: Error doing kinit for nagios [kinit: Permission denied while getting initial credentials]
[1430341177] SERVICE NOTIFICATION: sys_logger;example03.example.com;OOZIE::Oozie Server status;CRITICAL;service_sys_logger;CRITICAL: Error doing kinit for nagios [kinit: Permission denied while getting initial credentials]
[1430341177] SERVICE NOTIFICATION: nagiosadmin;example03.example.com;OOZIE::Oozie Server status;CRITICAL;notify-service-by-email;CRITICAL: Error doing kinit for nagios [kinit: Permission denied while getting initial credentials]
What is attempting to authenticate as nagios, user ‘nagiosadmin’ or ‘oozie/hcat’? We secured our cluster using the CSV file exported from Ambari, and there’s only one nagios principal on the nagios server (example01).
I tried creating a principal for nagiosadmin in our realm and also copying keytab ‘nagios.service.keytab’ to the machines on which WebHCat server and Oozie server are running, neither of which eliminated the error.