Kerberos change password is not working (from kadmin.local)

One of our users lost her Kerberos password and I am trying to reset the password using the steps below:

kadmin.local:
kadmin.local: change_password user@REALM.COM
Enter password for principal "user@REALM.COM":
Re-enter password for principal "user@REALM.COM":
Password for "user@REALM.COM" changed.
kadmin.local:q

Trying to log in with the new password after that, but getting the error below:
kinit user@REALM.COM
Password for user@REALM.COM:
kinit: Password incorrect while getting initial credentials

So I dropped the user principal using delprinc and recreated it with a new password, but I am still getting the same error.


Then I created a keytab and tried to access the user using the keytab; it is working:
kadmin.local:xst -norandkey -k /tmp/user.keytab user@REALM.COM

$kinit user@REALM.COM -k -t /tmp/user.keytab

But the command below still shows the error.
$kinit user@REALM.COM
kinit: Password incorrect while getting initial credentials


Can someone help me with this?

Thanks

Kumar

1 ACCEPTED SOLUTION

Issue fixed!!

My bad! From our list of nodes, I know either node01 or node02 has krb5-server. So I randomly picked node01 and ran the kadmin.local command. It worked, so I started applying the password change and ended up with a failure.

(Note: the kadmin.local command works on both node01 and node02.)

Later I realized from the configuration below that node02 is our krb5-server, so I logged in to node02 and deleted and recreated the principal. It is working fine now from all our nodes...

cat /etc/krb5.conf
[realms]
*** = {
kdc = node01:88
kdc = node02:88
admin_server = node02:749
default_domain = ***
max_renewable_life = 7d
max_life = 7d
}

Thanks

Kumar
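
A pre-flight check for the mix-up described in the accepted answer, added here as an example and not part of the original post: kadmin.local edits the KDC database on the host where it runs, so the script reads the realm's admin_server from krb5.conf and refuses unless the current host matches. The function names and the sample file are constructed; the realm name REALM.COM is taken from the question because the posted krb5.conf masks it.

```shell
# Print the admin_server host (port stripped) for realm $2 in krb5.conf $1 ("-" = stdin).
krb5_admin_server() {
    awk -v realm="$2" '
        /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\]/); depth = 0; cur = ""; next }
        !in_realms  { next }
        /\{/ {      # "REALM = {" opens a realm block; deeper braces are sub-sections
            if (++depth == 1) { cur = $0; sub(/^[ \t]+/, "", cur); sub(/[ \t]*=.*/, "", cur) }
            next
        }
        /\}/ { if (depth > 0) depth--; if (depth == 0) cur = ""; next }
        depth == 1 && cur == realm && /^[ \t]*admin_server[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v); sub(/[ \t]+$/, "", v)
            sub(/:[0-9]+$/, "", v); print v; exit
        }
    ' "${1:-/etc/krb5.conf}"
}

# Return 0 only if host $3 (default: this host) is the admin_server of realm $2.
on_admin_server() {
    local conf="${1:-/etc/krb5.conf}" realm="$2" me="${3:-$(hostname)}" admin a m
    admin="$(krb5_admin_server "$conf" "$realm")"
    if [ -z "$admin" ]; then
        echo "no admin_server found for $realm in $conf" >&2; return 2
    fi
    # Assumption: short, lower-cased names are compared, so a bare name matches its FQDN.
    a="$(printf '%s' "${admin%%.*}" | tr 'A-Z' 'a-z')"
    m="$(printf '%s' "${me%%.*}" | tr 'A-Z' 'a-z')"
    [ "$a" = "$m" ] && return 0
    echo "host $me is not the admin_server ($admin) for $realm; run kadmin.local there" >&2
    return 1
}

# Constructed sample mirroring the realm block in the post (realm name assumed).
sample_conf() { cat <<'EOF'
[libdefaults]
 default_realm = REALM.COM
[realms]
 REALM.COM = {
  kdc = node01:88
  kdc = node02:88
  admin_server = node02:749
 }
EOF
}

# Demo on the constructed sample: node01 is refused, node02 is accepted.
sample_conf | on_admin_server - REALM.COM node01 || echo "refused on node01"
sample_conf | on_admin_server - REALM.COM node02 && echo "ok on node02"
```

On a real host, `on_admin_server /etc/krb5.conf REALM.COM && kadmin.local` gates the admin session on the check.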
