Support Questions
Find answers, ask questions, and share your expertise

Missing KDC administrator credentials. Please enter admin principal and password

I have setup kerberos and enabled in Ambari successfully on one environment but while trying the same on another environment I am facing issue while enabling kerberos. I have tried to store credentials using keytool, Rest API, checked kerberos descriptors but no luck. what else is left to check?

PFA,

missing-kdc-credentials.png

16 REPLIES 16

Mentor

@Ankita Ghate

Find attached the tokenized version of my files.

Ok.

You can check files which I have already attached in above comments. Absolute path of files are /etc/hosts, /etc/krb5.conf, /etc/krbkdc/kadm5.acl, /etc/krb5kdc/kdc.conf

PFA,

krb5conf.png

kdcconf.png

kadm5conf.png

hosts.png

Mentor

@Ankita Ghate

The values look correct, I guess you are running ubuntu that's why the path differs a bit from my centos ! Can you start the equivalent of these services and retry

service krb5kdc start 
service kadmin start

Can you share the screenshot of the parameters you are using in the Enabling kerberos wizard ?


@Geoffrey Shelton Okot

PFA for services restart,

services-restart.png

Mentor

@Ankita Ghate

Now can you proceed with the kerberization check the 2 screenshots attached ensure your input values are correct.

Please revert


get-started.jpgget-started02.jpg

All,

Thanks for your response. I found the root cause of this issue in my case, Ambari was using Ambari master key for KDC admin credentials which was present at /var/lib/ambari-server/keys/credentials.jceks. I have taken backup of it and was able to work on 'Enable kerberos through Ambari UI'.

But that previous file is required at the time of ambari-server restart. So need to keep ambari-master key same as KDC admin key (password).

PFA,

kerberos-admin-creds-issue-solved.png

All,

Thanks for your response. I found the root cause of the issue. Ambari was using its master's key in KDC admin credentials that is why it was giving "Missing KDC administrator credentials. Please enter admin principal and password". So I have removed that crendential file (PFA for this) and issue has been solved.

For others, you may need to keep ambari master key and KDC admin creds same, because that file is required at the time of ambari-server restart (if you have configured jceks).

PFA,

kerberos-admin-creds-issue-solved.png

View solution in original post