Reply
Explorer
Posts: 18
Registered: ‎02-07-2018

Cloudera Manager generating all the Principals with password expiration 1965

Hello,

 

When configuring CDH 5.8.3 to Kerberos [MIT KDC, krb5.conf not managed through Cloudera Manager], Cloudera manager is generating all the prinicpals password expiration set to 1965.

 

Restarting the services would fail for the first time and has to modify the prinicpals through kadmin. Regeneration also doesn't work as the expiration was still set to 1965. After modification, services are coming up successfully (which does make sense).

 

Please let us know if we're missing any steps during configuration.

Posts: 953
Topics: 1
Kudos: 226
Solutions: 121
Registered: ‎04-22-2014

Re: Cloudera Manager generating all the Principals with password expiration 1965

Hi @Krish216,

 

Cloudera Manager does not actively set an expiration time when creating principals.

I recommend checking your KDC's kdc.conf to see if something other than "0" has been set for default_principal_expiration.

 

Also, try testing by creating a principal yourself and see if it also has an expiration time.

Highlighted
Explorer
Posts: 18
Registered: ‎02-07-2018

Re: Cloudera Manager generating all the Principals with password expiration 1965

Thanks @bgooley for quick response. Let me check on this and will update the post.

Announcements