Reply
Expert Contributor
Posts: 68
Registered: ‎10-04-2016
Accepted Solution

How to change KDC account manager credentials after enabling Kerberos

Reference: https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s3_cm_principal.html

Is there any way to change KDC account manager credentials after enabling Kerberos? I can’t find anywhere in CM to change the properties. If these are not in CM web UI, is it kept in JKS somewhere?

Posts: 519
Topics: 14
Kudos: 91
Solutions: 45
Registered: ‎09-02-2016

Re: How to change KDC account manager credentials after enabling Kerberos

@zhuw.bigdata

 

I hope you are done with Import KDC Acc Manager Credential already using the following steps" CM -> Administration -> Setting -> Import KDC Account Manager Credentials"

 

And now you want to change the credential

 

In your CLI, type kadmin.local (if you are in Kerberos master node) --or-- kadmin (if you are from client/remote node)

kadmin.local: ?  

# Type ?, it will give you help including how to change credentials

 

Hope this helps

 

Posts: 992
Topics: 1
Kudos: 243
Solutions: 126
Registered: ‎04-22-2014

Re: How to change KDC account manager credentials after enabling Kerberos

In older versions of Cloudera Manager (4.x I believe), the keytab file used to be stored in /etc/cloudera-scm-server as "cmf.keytab".

Now, it is stored in Cloudera Manager's database.

 

To create or update the KDC account manager in Cloudera Manager, you can reference this documentation:

 

http://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_deploy_keytab_s5.html

 

Posts: 992
Topics: 1
Kudos: 243
Solutions: 126
Registered: ‎04-22-2014

Re: How to change KDC account manager credentials after enabling Kerberos

@saranvisa, You provided the right information, but I wanted to clarify that the correct step to update the Account Manager credentials was to again import credentials.  Thanks for providing the solution!

 

Ben

Highlighted
Expert Contributor
Posts: 68
Registered: ‎10-04-2016

Re: How to change KDC account manager credentials after enabling Kerberos

Since "Import Kerberos Account Manager Credentials" tab show blank for both User name and Password, I have no clue which user is used. Basically I will create a new account manager then.

Announcements