Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Deleting Kerberos Credentials of decomissioned host

Solved Go to solution

Deleting Kerberos Credentials of decomissioned host

Explorer

Hi,

 

I've recently decomissioned a couple of hosts from a cluster (replaced with newer machines).

The cluster is using kerberos authentication managed via Cloudera Manager and I've noticed that the page listing all the available credentials (Administration -> Security -> Kerberos Credentials) continues to list the SPNs for the decomissioned machines.

 

Is there any way to clean them up?

I've searched in the documentation and I've only found this API endpoint https://cloudera.github.io/cm_api/apidocs/v17/path__cm_commands_deleteCredentials.html that deletes ALL the SPNs (I need to delete only the old ones).

 

Thanks

p.

 

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Deleting Kerberos Credentials of decomissioned host

Contributor

Hi parnigot,

 

You can try selecting those specific principals and clicking "Regenerate Selected". Alternatively, you could just go into the KDC or AD and delete the principals there.

3 REPLIES 3

Re: Deleting Kerberos Credentials of decomissioned host

Contributor

Hi parnigot,

 

You can try selecting those specific principals and clicking "Regenerate Selected". Alternatively, you could just go into the KDC or AD and delete the principals there.

Re: Deleting Kerberos Credentials of decomissioned host

Explorer

Hi h@cloudera,

 

I didn't know that the "Regenerate Selected" executed on a old SPN will simply delete it without recreating it.

 

Thanks for the tip!

p.

 

Re: Deleting Kerberos Credentials of decomissioned host

Contributor

Glad to help, @parnigot!

Don't have an account?
Coming from Hortonworks? Activate your account here