Support Questions
Find answers, ask questions, and share your expertise

Admin session expiration error Invalid KDC administrator credentials

Highlighted

Re: Admin session expiration error Invalid KDC administrator credentials

I've made slight changes on names for privacy reason:

the output for the "listprincs" is:

kadmin.local: listprincs

K/M@myDN

admin/myFQDN@myDN

admin/admin@myDN

kadmin/myFQDN@myDN

kadmin/admin@myDN

kadmin/changepw@myDN

kadmin/myFQDN@myDN

kiprop/myFQDN@myDN

krbtgt/myDN@myDN

root/myFQDN@myDN

root/admin@myDN

Highlighted

Re: Admin session expiration error Invalid KDC administrator credentials

New Contributor

This problem seems to have unresolved, at-least from what I could follow.

I am facing exactly same issue. I am trying to Kerberise the HDP 3.0.1 sandbox using ambari. I have setup my KDC server on a ubuntu, and I have also setup the admin/admin principle correctly. From HDP sandbox I can successfully execute kinit for admin/admin.

 

In the ambari-server.log I see following error:

2020-12-03 12:38:57,331 ERROR [ambari-client-thread-168] KerberosHelperImpl:2412 - Cannot validate credentials: org.apache.ambari.s
erver.serveraction.kerberos.KerberosMissingAdminCredentialsException: Missing KDC administrator credentials.                       
The KDC administrator credentials must be set as a persisted or temporary credential resource.This may be done by issuing a POST to
 the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload:                    
{                                                                                                                                  
  "Credential" : {                                                                                                                 
    "principal" : "(PRINCIPAL)", "key" : "(PASSWORD)", "type" : "(persisted|temporary)"}                                           
  }                                                                                                                                
}                                                                                                                                  
2020-12-03 12:38:57,336 ERROR [ambari-client-thread-168] CreateHandler:80 - Bad request received: Missing KDC administrator credent
ials.                                                                                                                              
The KDC administrator credentials must be set as a persisted or temporary credential resource.This may be done by issuing a POST to
 the /api/v1/clusters/:clusterName/credentials/kdc.admin.credential API entry point with the following payload:                    
{                                                                                                                                  
  "Credential" : {                                                                                                                 
    "principal" : "(PRINCIPAL)", "key" : "(PASSWORD)", "type" : "(persisted|temporary)"}                                           
  }                                                                                                                                
}                                                                                                                                  
2020-12-03 12:38:57,565 ERROR [ambari-metrics-retrieval-service-thread-2] MetricsRetrievalService:496 - Unable to retrieve metrics 
from http://abc.xyz.com:8744/api/v1/cluster/summary. Subsequent failures will be suppressed from the log for 20 min
utes.    

 

Highlighted

Re: Admin session expiration error Invalid KDC administrator credentials

New Contributor

I would really appreciate if someone can help me resolve what can be the issue in my case.

Re: Admin session expiration error Invalid KDC administrator credentials

Community Manager

@jvlearn as this is an older post, you would have a better chance of receiving a resolution by starting a new thread. This will also be an opportunity to provide details specific to your environment that could aid others in assisting you with a more accurate answer to your question. You can link this thread as a reference in your new post.


Regards,

Vidya Sargur,
Community Manager


Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Learn more about the Cloudera Community:

Don't have an account?