Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Authentication credentials in local KDC

Authentication credentials in local KDC

Explorer

How are authentication credentials stored and protected within the local KDC created during Kerberos implementation? What encryption algorithm can be used ?

2 REPLIES 2
Highlighted

Re: Authentication credentials in local KDC

As of Ambari 2.1.2, the KDC administrator credential is stored in an in-memory or on-disk credential store (keystore), depending on your configuration. If Ambari's credential store is set up using the ambari-server setup-security utility (option #2 - Encrypt passwords stored in ambari.properties file) then the KDC administrator credential can be stored there until manually removed. Else the credential will be stored in an in-memory credential store for up to 90 minutes or until Ambari is restarted.

The storage location for the credential (in-memory or on-disk credential store), may be chosen via the UI at the time it is set. Else, it may be set, updated, or removed via Ambari's REST API - see https://github.com/apache/ambari/blob/trunk/ambari-server/docs/api/v1/credential-resources.md.

Highlighted

Re: Authentication credentials in local KDC

Don't have an account?
Coming from Hortonworks? Activate your account here