Support Questions

parnigot · ‎10-04-2017

Hi,

I've recently decomissioned a couple of hosts from a cluster (replaced with newer machines).

The cluster is using kerberos authentication managed via Cloudera Manager and I've noticed that the page listing all the available credentials (Administration -> Security -> Kerberos Credentials) continues to list the SPNs for the decomissioned machines.

Is there any way to clean them up?

I've searched in the documentation and I've only found this API endpoint https://cloudera.github.io/cm_api/apidocs/v17/path__cm_commands_deleteCredentials.html that deletes ALL the SPNs (I need to delete only the old ones).

Thanks

p.

h@cloudera · ‎10-09-2017

Hi parnigot,

You can try selecting those specific principals and clicking "Regenerate Selected". Alternatively, you could just go into the KDC or AD and delete the principals there.

View solution in original post

h@cloudera · ‎10-09-2017

Hi parnigot,

You can try selecting those specific principals and clicking "Regenerate Selected". Alternatively, you could just go into the KDC or AD and delete the principals there.

parnigot · ‎10-10-2017

Hi h@cloudera,

I didn't know that the "Regenerate Selected" executed on a old SPN will simply delete it without recreating it.

Thanks for the tip!

p.

h@cloudera · ‎10-10-2017

Glad to help, @parnigot!

Cloudera Community

Support Questions

Deleting Kerberos Credentials of decomissioned host