Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Cloudera Manager not showing all principals as shown by kadmin.local

Highlighted

Cloudera Manager not showing all principals as shown by kadmin.local

New Contributor

My question is two fold.

 

1. What is the difference between kadmin and kadmin.local. kadmin gives me the below error whereas kadmin.local logs me in successful.

 

[root@bda1node01 ~]# kadmin
Authenticating as principal u123456/admin@BDA1.INFOFTPS.COM with password.
kadmin: Client not found in Kerberos database while initializing kadmin interface

 

[root@bda1node01 ~]# kadmin.local
Authenticating as principal u12345/admin@BDA1.INFOFTPS.COM with password.
kadmin.local:

 

2. Cloudera manager doesnt display all the principals under Kerberos \ Credentials compared to what i see using kadmin.local getprincs

for example: 

u12345@BDA1.INFOFTPS.COM  (this principal not shown in CM but is displayed with kadmin.local:getprincs command.

 

Thanks

 

 

 

1 REPLY 1

Re: Cloudera Manager not showing all principals as shown by kadmin.local

Master Guru
On (1):

"""
kadmin and kadmin.local are command-line interfaces to the Kerberos V5 administration system. They provide nearly identical functionalities; the difference is that kadmin.local directly accesses the KDC database, while kadmin performs operations using kadmind.
""" - http://web.mit.edu/Kerberos/krb5-1.12/doc/admin/admin_commands/kadmin_local.html

Your kadmin command likely fails cause you are not supplying the right arguments and specific admin TGT required to connect to the daemon service. The kadmin.local passes cause it accesses the locally available KDC files as root.

On (2): CM will show only the principals managed by CM itself. CM only manages your CDH service principals; not your entire KDC - so you should not expect to see non-CDH principals such as user accounts/etc. on your CM UI.