Can we use password and Keytab file for same user in Kerberos?

Can we use a password and a keytab file for the same user in Kerberos? Also, is the password changed after creating a keytab for that principal?

1 ACCEPTED SOLUTION

@Bhushan Kandalkar, Yes, we can use both a password and a keytab for the same principal. You will have to regenerate the keytab if you change the password.

@Sandeep Nemuri,

I am getting an error while using the password for the same principal. I have done the following steps:

================================================

kadmin: addprinc testuser@XORTEST.COM

WARNING: no policy specified for testuser@XORTEST.COM; defaulting to no policy

Enter password for principal "testuser@XORTEST.COM":

Re-enter password for principal "testuser@XORTEST.COM":

Principal "testuser@XORTEST.COM" created.

kadmin: ktadd -k /home/testuser/testuser.keytab testuser@XORTEST.COM

Entry for principal testuser@XORTEST.COM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:/home/testuser/testuser.keytab.

Entry for principal testuser@XORTEST.COM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:/home/testuser/testuser.keytab.

kadmin: quit

[root@bhushanhdp-1 ~]# chown -R testuser:testuser /home/testuser/testuser.keytab

[root@bhushanhdp-1 ~]# chmod 600 /home/testuser/testuser.keytab

[root@bhushanhdp-1 ~]# su - testuser

[testuser@bhushanhdp-1 ~]$ kinit -kt testuser.keytab testuser@XORTEST.COM

[testuser@bhushanhdp-1 ~]$ hadoop fs -ls /

Found 9 items

drwxrwxrwx - yarn hadoop 0 2018-01-29 11:39 /app-logs

drwxr-xr-x - hdfs hdfs 0 2018-01-29 11:39 /apps

drwxr-xr-x - yarn hadoop 0 2018-01-29 11:37 /ats

drwxr-xr-x - hdfs hdfs 0 2018-01-29 11:37 /hdp

drwxr-xr-x - mapred hdfs 0 2018-01-29 11:37 /mapred

drwxrwxrwx - mapred hadoop 0 2018-01-29 11:38 /mr-history

drwxrwxrwx - hdfs hdfs 0 2018-01-31 09:27 /tmp

drwxr-xr-x - hdfs hdfs 0 2018-01-29 11:39 /user

drwxr-xr-x - hdfs hdfs 0 2018-01-29 11:37 /webhdfs

[testuser@bhushanhdp-1 ~]$ kdestroy

[testuser@bhushanhdp-1 ~]$ klist

klist: No credentials cache found (filename: /tmp/krb5cc_1015)

[testuser@bhushanhdp-1 ~]$ kinit testuser@XORTEST.COM

Password for testuser@XORTEST.COM:

kinit: Password incorrect while getting initial credentials

[testuser@bhushanhdp-1 ~]$

======================================================================

Is the password changed after creating the keytab file?

How should I use both the password and the keytab for the same principal?

@Bhushan Kandalkar, use the command below (which will not change the password while generating the keytab):

kadmin.local -q "xst -norandkey -k testuser.keytab testuser"

Thanks @Sandeep Nemuri.
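
One way to check the accepted answer's point that a keytab must be regenerated after a password change, as an added example that is not part of the original thread: it parses the MIT keytab file format (version 0x0502) and flags entries whose key version number (kvno) no longer matches the KDC's. The `kdc_kvno` value is assumed to be read separately (for example from kadmin's `getprinc` output); the function names and the sample keytab bytes, including the dummy keys, are constructed for illustration.

```python
import struct

ENCTYPES = {17: "aes128-cts-hmac-sha1-96", 18: "aes256-cts-hmac-sha1-96"}

def _counted(data, p):
    """Read a 16-bit length-prefixed byte string; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", data, p)
    return data[p + 2:p + 2 + n], p + 2 + n

def parse_keytab(data):
    """Return [(principal, kvno, enctype)] from MIT keytab bytes (format 0x0502)."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                    # negative size marks a deleted entry (hole)
            pos -= size
            continue
        end, p = pos + size, pos + 2
        (ncomp,) = struct.unpack_from(">H", data, pos)
        parts = []
        for _ in range(ncomp + 1):       # realm first, then the name components
            s, p = _counted(data, p)
            parts.append(s.decode())
        _ntype, _ts, kvno, etype = struct.unpack_from(">IIBH", data, p)
        _key, p = _counted(data, p + 11)
        if end - p >= 4:                 # trailing 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        name = "/".join(parts[1:]) + "@" + parts[0]
        entries.append((name, kvno, ENCTYPES.get(etype, str(etype))))
        pos = end
    return entries

def stale_entries(data, principal, kdc_kvno):
    """Entries for `principal` whose kvno differs from the KDC's current kvno."""
    return [e for e in parse_keytab(data) if e[0] == principal and e[1] != kdc_kvno]

def make_entry(name, realm, kvno, etype, key):
    """Constructed sample data only: encode one keytab entry."""
    parts = [realm] + name.split("/")
    body = struct.pack(">H", len(parts) - 1)
    body += b"".join(struct.pack(">H", len(s)) + s.encode() for s in parts)
    body += struct.pack(">IIBHH", 1, 0, kvno & 0xFF, etype, len(key)) + key
    return struct.pack(">i", len(body) + 4) + body + struct.pack(">I", kvno)

# Constructed keytab mirroring the thread: kvno 2, two AES enctypes, dummy keys.
SAMPLE = b"\x05\x02" + b"".join(
    make_entry("testuser", "XORTEST.COM", 2, et, bytes(n)) for et, n in ((18, 32), (17, 16)))
```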