Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Cloudera Manager generating all the Principals with password expiration 1965

Cloudera Manager generating all the Principals with password expiration 1965

Explorer

Hello,

 

When configuring CDH 5.8.3 to Kerberos [MIT KDC, krb5.conf not managed through Cloudera Manager], Cloudera manager is generating all the prinicpals password expiration set to 1965.

 

Restarting the services would fail for the first time and has to modify the prinicpals through kadmin. Regeneration also doesn't work as the expiration was still set to 1965. After modification, services are coming up successfully (which does make sense).

 

Please let us know if we're missing any steps during configuration.

2 REPLIES 2

Re: Cloudera Manager generating all the Principals with password expiration 1965

Super Guru

Hi @Krish216,

 

Cloudera Manager does not actively set an expiration time when creating principals.

I recommend checking your KDC's kdc.conf to see if something other than "0" has been set for default_principal_expiration.

 

Also, try testing by creating a principal yourself and see if it also has an expiration time.

Highlighted

Re: Cloudera Manager generating all the Principals with password expiration 1965

Explorer

Thanks @bgooley for quick response. Let me check on this and will update the post.

Don't have an account?
Coming from Hortonworks? Activate your account here