Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Deleting Kerberos Credentials of decomissioned host

avatar
Contributor

Hi,

 

I've recently decomissioned a couple of hosts from a cluster (replaced with newer machines).

The cluster is using kerberos authentication managed via Cloudera Manager and I've noticed that the page listing all the available credentials (Administration -> Security -> Kerberos Credentials) continues to list the SPNs for the decomissioned machines.

 

Is there any way to clean them up?

I've searched in the documentation and I've only found this API endpoint https://cloudera.github.io/cm_api/apidocs/v17/path__cm_commands_deleteCredentials.html that deletes ALL the SPNs (I need to delete only the old ones).

 

Thanks

p.

 

1 ACCEPTED SOLUTION

avatar
Rising Star

Hi parnigot,

 

You can try selecting those specific principals and clicking "Regenerate Selected". Alternatively, you could just go into the KDC or AD and delete the principals there.

View solution in original post

3 REPLIES 3

avatar
Rising Star

Hi parnigot,

 

You can try selecting those specific principals and clicking "Regenerate Selected". Alternatively, you could just go into the KDC or AD and delete the principals there.

avatar
Contributor

Hi h@cloudera,

 

I didn't know that the "Regenerate Selected" executed on a old SPN will simply delete it without recreating it.

 

Thanks for the tip!

p.

 

avatar
Rising Star

Glad to help, @parnigot!