Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Kerberos - Remove rc4-hmac

Highlighted

Kerberos - Remove rc4-hmac

Rising Star

Hi,

My security team have asked me to remove rc4-hmac as a encruption type from out Cloudera CDH Kerberos cluster.

At present my kerb5.conf lists

default_tgs_enctypes = aes256-cts aes128-cts rc4-hmac
default_tkt_enctypes = aes256-cts aes128-cts rc4-hmac
permitted_enctypes = aes256-cts aes128-cts rc4-hmac


klist -e on a datanode lists

08/03/19 06:49:12  08/03/19 16:49:12  krbtgt/XXX

        renew until 15/03/19 06:49:12, Etype (skey, tkt): arcfour-hmac, aes256-cts-hmac-sha1-96
08/03/19 06:49:12  08/03/19 16:49:12  impala/XXX
        renew until 15/03/19 06:49:12, Etype (skey, tkt): arcfour-hmac, arcfour-hmac
08/03/19 06:49:12  08/03/19 16:49:12  impala/XXX
        renew until 15/03/19 06:49:12, Etype (skey, tkt): arcfour-hmac, arcfour-hmac


Within Cloduera Manager I have Kerberos Encryption Types set as aes256-cts, aes128-cts, rc4-hmac

Java -version shows

java version "1.8.0_162"
Java(TM) SE Runtime Environment (build 1.8.0_162-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.162-b12, mixed mode)


Am I correct in thinking I can just remove the rc4-hmac within cloudera manager and restart the cluster without any problems?


Don't have an account?
Coming from Hortonworks? Activate your account here