Kerberos change password is not working (from kadmin.local)

One of our users lost her Kerberos password, and I am trying to reset the password using the steps below:

 

kadmin.local:
kadmin.local: change_password user@REALM.COM
Enter password for principal "user@REALM.COM":
Re-enter password for principal "user@REALM.COM":
Password for "user@REALM.COM" changed.
kadmin.local:q

 

After that I tried to log in with the new password, but I am getting the error below:
kinit user@REALM.COM
Password for user@REALM.COM:
kinit: Password incorrect while getting initial credentials

 

So I dropped the user principal using delprinc and recreated it with a new password, but I am still getting the same error.


Then I created a keytab and tried to access the user using the keytab; it is working:
kadmin.local:xst -norandkey -k /tmp/user.keytab user@REALM.COM

$kinit user@REALM.COM -k -t /tmp/user.keytab

 

But the command below still shows the error.
$kinit user@REALM.COM
kinit: Password incorrect while getting initial credentials


Can someone help me with this?

 

Thanks

Kumar

1 ACCEPTED SOLUTION

Issue fixed!!

 

My bad! From our list of nodes, I knew that either node01 or node02 has krb5-server. So I randomly picked node01 and ran the kadmin.local command. It worked, so I started applying the password change and ended up with the failure.

 

(Note: the kadmin.local command works on both node01 and node02.)

 

Later I realized from the configuration below that node02 is our krb5-server, so I logged in to node02 and deleted and recreated the principal. It is working fine now from all our nodes...

 

cat /etc/krb5.conf
[realms]
*** = {
kdc = node01:88
kdc = node02:88
admin_server = node02:749
default_domain = ***
max_renewable_life = 7d
max_life = 7d
}

 

Thanks

Kumar
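
A pre-flight check for the mistake described in the accepted solution, as an added example that is not part of the original posts: it reads the realm's admin_server from krb5.conf and compares it with a hostname before any kadmin.local change is made. The realm name REALM.COM in the sample file, the function names and the short-name host comparison are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread). kadmin.local edits the KDC
# database on the host it runs on, so check krb5.conf's admin_server first.

# Print the admin_server host (port stripped) for realm $2 in krb5.conf $1.
admin_server_for_realm() {
    awk -v realm="$2" '
        /^[ \t]*\[/ { in_realms = ($0 ~ /^[ \t]*\[realms\]/); in_block = 0; next }
        in_realms && $1 == realm && $2 == "=" && $3 == "{" { in_block = 1; next }
        in_block && index($0, "}") { in_block = 0; next }
        in_block && $1 == "admin_server" && $2 == "=" {
            sub(/:[0-9]+$/, "", $3); print $3; exit
        }
    ' "$1"
}

# Exit 0 if host $3 is the realm's admin_server, 1 if not, 2 if none is set.
# Assumption: hosts are compared by short name (text before the first dot).
is_admin_server() {
    admin=$(admin_server_for_realm "$1" "$2")
    [ -n "$admin" ] || return 2
    [ "${3%%.*}" = "${admin%%.*}" ]
}

# Constructed sample modelled on the krb5.conf in the thread; REALM.COM stands
# in for the realm name the poster masked as ***.
write_sample_conf() {
    cat > "$1" <<'EOF'
[realms]
 REALM.COM = {
  kdc = node01:88
  kdc = node02:88
  admin_server = node02:749
 }
[domain_realm]
 .realm.com = REALM.COM
EOF
}

conf=$(mktemp)
write_sample_conf "$conf"
for host in node01 node02; do
    if is_admin_server "$conf" REALM.COM "$host"; then
        echo "$host: admin_server for REALM.COM, run kadmin.local here"
    else
        echo "$host: not the admin_server, kadmin.local edits only this host's database"
    fi
done
rm -f "$conf"
```

On a real host, pass /etc/krb5.conf, the realm and the output of `hostname` to `is_admin_server` before opening kadmin.local.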
