03-12-2018 10:08 AM
When configuring CDH 5.8.3 to Kerberos [MIT KDC, krb5.conf not managed through Cloudera Manager], Cloudera manager is generating all the prinicpals password expiration set to 1965.
Restarting the services would fail for the first time and has to modify the prinicpals through kadmin. Regeneration also doesn't work as the expiration was still set to 1965. After modification, services are coming up successfully (which does make sense).
Please let us know if we're missing any steps during configuration.
03-12-2018 03:07 PM
Cloudera Manager does not actively set an expiration time when creating principals.
I recommend checking your KDC's kdc.conf to see if something other than "0" has been set for default_principal_expiration.
Also, try testing by creating a principal yourself and see if it also has an expiration time.