Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

How to reset admin password for kerberos enabled cluster

Labels:
avatar
author-rank tauqeerkhan
Contributor

Created ‎10-16-2016 07:05 AM

How to reset the admin password set while enabling the kerberos.

Previously kerberos was enabled but we disabled it. When trying to again enable kerberos, admin username and password is required.

How to reset the password for this? Or is their any way to enable kerberos wirhout knowing the password?

Hdp 2.4

8,562 Views
0 Kudos
2 REPLIES 2

avatar
author-rank Shelton
Master Mentor

Created ‎10-16-2016 07:34 AM

@tauqeer khan

Try this solution

1.create .ldif file, add the following line to the file, save & exit out:

"dn: cn=global_policy,cn=DOMAINL,cn=EXAMPLE,dc=EXAMPLE,dc=COM

changetype: modify

replace: krbMinPwdLife

krbMinPwdLife: 0"

2. note: you need to know the directory manager password run:

ldapmodify -h localhost -x -W -D "cn=directory manager" -f /root/test/krb_test.ldif

3. now reset the password through kadmin.local:

kadmin.local Authenticating as principal admin/admin@EXAMPLE.COM with password. kadmin.local: change_password -pw secret123 admin@EXAMPLE.COM Password for "admin@EXAMPLE.COM" changed. kadmin.local: q

4. Run this command to clear cache kdestroy

5. Run "kimit admin" to login KDC using new password

[root@bddec1v1-0019 ~]# kinit admin Password for admin@EXAMPLE.COM:

[root@bddec1v1-0019 ~]# klist Ticket cache:

FILE:/tmp/krb5cc_0

Default principal: admin@EXAMPLE.COM

Valid starting Expires Service principal

.......

....

Or

[root@bddec1v1-0019 ~]# kadmin

Authenticating as principal self/admin@DOMAIN.TLD with password.

Password for self/admin@DOMAIN.TLD:

kadmin: getprivs

current privileges: GET ADD MODIFY DELETE

kadmin: cpw someuser

Enter password for principal "someuser@DOMAIN.TLD":

Re-enter password for principal "someuser@DOMAIN.TLD": P

assword for "someuser@DOMAIN.TLD" changed.

kadmin: quit

5,518 Views
0 Kudos

avatar
author-rank rlevas
Guru

Created ‎10-17-2016 02:23 PM

Your question seems to be unclear. Where are you looking to reset the admin password... from within the credentials stored in Ambari (if you enabled that) or within the KDC (or Active Directory, etc...)?

You cannot enable Kerberos without the credentials for some privileged user in the KDC unless you select the "manual" option, in which you will be responsible for the principal and keytab file creation and distribution.

5,518 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements