Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

What is the lifecycle of users created with Ambari in AD - removal/(re-)creation?

Labels:
avatar
author-rank hkropp
Super Collaborator

Created ‎10-21-2015 01:19 PM

 
2,309 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank pcodding author-rank
Guru

Created ‎10-21-2015 02:19 PM

Creation: Users are created in AD upon initial kerberization, as well as adding services, or hosts to the cluster. A test principal is created during the wizard to test the kerberos client configuration and operations, as well as all of the appropriate principals for the services that are deployed in the cluster. During that process, passwords are generated and set in Active Directory. Those passwords are not permanently stored in Ambari and are only used for keytab generation.

Update: Post-wizard completion, the principal regeneration process will regenerate and set those passwords in AD.

Deletion: During removal of services, or hosts, or disabling kerberos, the appropriate principals are removed from AD.

View solution in original post

2,171 Views
3 REPLIES 3

avatar
author-rank pcodding author-rank
Guru

Created ‎10-21-2015 02:19 PM

Creation: Users are created in AD upon initial kerberization, as well as adding services, or hosts to the cluster. A test principal is created during the wizard to test the kerberos client configuration and operations, as well as all of the appropriate principals for the services that are deployed in the cluster. During that process, passwords are generated and set in Active Directory. Those passwords are not permanently stored in Ambari and are only used for keytab generation.

Update: Post-wizard completion, the principal regeneration process will regenerate and set those passwords in AD.

Deletion: During removal of services, or hosts, or disabling kerberos, the appropriate principals are removed from AD.

2,172 Views

avatar
author-rank TerryP author-rank
Super Collaborator

Created ‎10-21-2015 03:02 PM

This is prime RunBook material!

2,171 Views
0 Kudos

avatar
author-rank pcodding author-rank
Guru

Created ‎10-21-2015 03:46 PM

I'll work on getting this and the password creation methods into the docs ASAP.

2,171 Views
Announcements
What's New @ Cloudera
Product Update: Cloudera Flow Management Operator for Kubern...
What's New @ Cloudera
Product Update: Cloudera Data Flow v3.1 for Cloudera on Clou...
Community Announcements
May 2026 Community Highlights
Community Announcements
Testing the tags to new post
What's New @ Cloudera
Cloudera Real time Monitoring for 7.1.9+ and 7.2.18+ with Cl...
View More Announcements