Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How to change KDC account manager credentials after enabling Kerberos

Solved Go to solution

How to change KDC account manager credentials after enabling Kerberos

Expert Contributor

Reference: https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s3_cm_principal.html

Is there any way to change KDC account manager credentials after enabling Kerberos? I can’t find anywhere in CM to change the properties. If these are not in CM web UI, is it kept in JKS somewhere?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: How to change KDC account manager credentials after enabling Kerberos

Super Guru

In older versions of Cloudera Manager (4.x I believe), the keytab file used to be stored in /etc/cloudera-scm-server as "cmf.keytab".

Now, it is stored in Cloudera Manager's database.

 

To create or update the KDC account manager in Cloudera Manager, you can reference this documentation:

 

http://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_deploy_keytab_s5.html

 

4 REPLIES 4

Re: How to change KDC account manager credentials after enabling Kerberos

Champion

@zhuw.bigdata

 

I hope you are done with Import KDC Acc Manager Credential already using the following steps" CM -> Administration -> Setting -> Import KDC Account Manager Credentials"

 

And now you want to change the credential

 

In your CLI, type kadmin.local (if you are in Kerberos master node) --or-- kadmin (if you are from client/remote node)

kadmin.local: ?  

# Type ?, it will give you help including how to change credentials

 

Hope this helps

 

Re: How to change KDC account manager credentials after enabling Kerberos

Super Guru

@saranvisa, You provided the right information, but I wanted to clarify that the correct step to update the Account Manager credentials was to again import credentials.  Thanks for providing the solution!

 

Ben

Re: How to change KDC account manager credentials after enabling Kerberos

Super Guru

In older versions of Cloudera Manager (4.x I believe), the keytab file used to be stored in /etc/cloudera-scm-server as "cmf.keytab".

Now, it is stored in Cloudera Manager's database.

 

To create or update the KDC account manager in Cloudera Manager, you can reference this documentation:

 

http://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_deploy_keytab_s5.html

 

Highlighted

Re: How to change KDC account manager credentials after enabling Kerberos

Expert Contributor

Since "Import Kerberos Account Manager Credentials" tab show blank for both User name and Password, I have no clue which user is used. Basically I will create a new account manager then.

Don't have an account?
Coming from Hortonworks? Activate your account here