Support Questions

parnigot · ‎10-04-2017

Hi,

I've recently decomissioned a couple of hosts from a cluster (replaced with newer machines).

The cluster is using kerberos authentication managed via Cloudera Manager and I've noticed that the page listing all the available credentials (Administration -> Security -> Kerberos Credentials) continues to list the SPNs for the decomissioned machines.

Is there any way to clean them up?

I've searched in the documentation and I've only found this API endpoint https://cloudera.github.io/cm_api/apidocs/v17/path__cm_commands_deleteCredentials.html that deletes ALL the SPNs (I need to delete only the old ones).

Thanks

p.

h@cloudera · ‎10-09-2017

Hi parnigot,

You can try selecting those specific principals and clicking "Regenerate Selected". Alternatively, you could just go into the KDC or AD and delete the principals there.

View solution in original post

h@cloudera · ‎10-09-2017

Hi parnigot,

You can try selecting those specific principals and clicking "Regenerate Selected". Alternatively, you could just go into the KDC or AD and delete the principals there.

parnigot · ‎10-10-2017

Hi h@cloudera,

I didn't know that the "Regenerate Selected" executed on a old SPN will simply delete it without recreating it.

Thanks for the tip!

p.

h@cloudera · ‎10-10-2017

Glad to help, @parnigot!

Cloudera Community

Support Questions

Deleting Kerberos Credentials of decomissioned host

How can we delete classifications from deleted ent...

kinit: Preauthentication failed while getting init...

"kinit: Preauthentication failed while getting ini...

Kerberos Generate Credentials fails

Adding KDC Administrator Credentials to the Ambari...

Data03 node is decomissioned, i want it back in wo...

GSSException: No valid credentials provided (Mecha...

Kerberos Authentication Wizard failing to generate...

Director bootstrap-remote fails while Importing Ke...

Nifi Credentials