Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

How to change KDC account manager credentials after enabling Kerberos

Labels:
avatar
author-rank zhuw.bigdata
Expert Contributor

Created ‎12-23-2016 12:15 PM

Reference: https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s3_cm_principal.html

Is there any way to change KDC account manager credentials after enabling Kerberos? I can’t find anywhere in CM to change the properties. If these are not in CM web UI, is it kept in JKS somewhere?

5,422 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank bgooley author-rank
Master Guru

Created ‎12-29-2016 09:06 AM

In older versions of Cloudera Manager (4.x I believe), the keytab file used to be stored in /etc/cloudera-scm-server as "cmf.keytab".

Now, it is stored in Cloudera Manager's database.

 

To create or update the KDC account manager in Cloudera Manager, you can reference this documentation:

 

http://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_deploy_keytab_s5.html

 

View solution in original post

5,360 Views
5 REPLIES 5

avatar
saranvisa author-rank
Champion

Created ‎12-23-2016 12:30 PM

@zhuw.bigdata

 

I hope you are done with Import KDC Acc Manager Credential already using the following steps" CM -> Administration -> Setting -> Import KDC Account Manager Credentials"

 

And now you want to change the credential

 

In your CLI, type kadmin.local (if you are in Kerberos master node) --or-- kadmin (if you are from client/remote node)

kadmin.local: ?  

# Type ?, it will give you help including how to change credentials

 

Hope this helps

 

5,421 Views

avatar
author-rank bgooley author-rank
Master Guru

Created ‎12-29-2016 09:09 AM

@saranvisa, You provided the right information, but I wanted to clarify that the correct step to update the Account Manager credentials was to again import credentials.  Thanks for providing the solution!

 

Ben

5,359 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎12-29-2016 09:06 AM

In older versions of Cloudera Manager (4.x I believe), the keytab file used to be stored in /etc/cloudera-scm-server as "cmf.keytab".

Now, it is stored in Cloudera Manager's database.

 

To create or update the KDC account manager in Cloudera Manager, you can reference this documentation:

 

http://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_deploy_keytab_s5.html

 

5,361 Views

avatar
author-rank zhuw.bigdata
Expert Contributor

Created ‎02-04-2017 03:34 PM

Since "Import Kerberos Account Manager Credentials" tab show blank for both User name and Password, I have no clue which user is used. Basically I will create a new account manager then.

5,277 Views
0 Kudos

avatar
manuh author-rank
Cloudera Employee

Created ‎07-02-2020 11:57 PM

Try with the sql statement: 

 

select VALUE from scm.CONFIGS where ATTR="kdc_admin_user";

 

scm is the CM database in the example.

3,222 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements