Reply
Highlighted
New Contributor
Posts: 5
Registered: ‎02-04-2015

Cloudera Manager not showing all principals as shown by kadmin.local

My question is two fold.

 

1. What is the difference between kadmin and kadmin.local. kadmin gives me the below error whereas kadmin.local logs me in successful.

 

[root@bda1node01 ~]# kadmin
Authenticating as principal u123456/admin@BDA1.INFOFTPS.COM with password.
kadmin: Client not found in Kerberos database while initializing kadmin interface

 

[root@bda1node01 ~]# kadmin.local
Authenticating as principal u12345/admin@BDA1.INFOFTPS.COM with password.
kadmin.local:

 

2. Cloudera manager doesnt display all the principals under Kerberos \ Credentials compared to what i see using kadmin.local getprincs

for example: 

u12345@BDA1.INFOFTPS.COM  (this principal not shown in CM but is displayed with kadmin.local:getprincs command.

 

Thanks

 

 

 

Posts: 1,885
Kudos: 423
Solutions: 298
Registered: ‎07-31-2013

Re: Cloudera Manager not showing all principals as shown by kadmin.local

On (1):

"""
kadmin and kadmin.local are command-line interfaces to the Kerberos V5 administration system. They provide nearly identical functionalities; the difference is that kadmin.local directly accesses the KDC database, while kadmin performs operations using kadmind.
""" - http://web.mit.edu/Kerberos/krb5-1.12/doc/admin/admin_commands/kadmin_local.html

Your kadmin command likely fails cause you are not supplying the right arguments and specific admin TGT required to connect to the daemon service. The kadmin.local passes cause it accesses the locally available KDC files as root.

On (2): CM will show only the principals managed by CM itself. CM only manages your CDH service principals; not your entire KDC - so you should not expect to see non-CDH principals such as user accounts/etc. on your CM UI.
Announcements