Trying to debug kerberos problems is painful exercise
Add a kerberos diagnostics command, `kdiag` to aid this; output to stdout or to a named file.
add other args as appropriate, etg
- `--required` - fail with exit code if no login
- `--zookeeper` check zk details
- `--hdfs` check HDFS
- `--yarn` check yarn login
- --keytab + keytab name`: check for accessibility, contents