Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

What is the lifecycle of users created with Ambari in AD - removal/(re-)creation?

Labels:
avatar
author-rank hkropp
Super Collaborator

Created ‎10-21-2015 01:19 PM

 
1,313 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank pcodding author-rank
Guru

Created ‎10-21-2015 02:19 PM

Creation: Users are created in AD upon initial kerberization, as well as adding services, or hosts to the cluster. A test principal is created during the wizard to test the kerberos client configuration and operations, as well as all of the appropriate principals for the services that are deployed in the cluster. During that process, passwords are generated and set in Active Directory. Those passwords are not permanently stored in Ambari and are only used for keytab generation.

Update: Post-wizard completion, the principal regeneration process will regenerate and set those passwords in AD.

Deletion: During removal of services, or hosts, or disabling kerberos, the appropriate principals are removed from AD.

View solution in original post

1,175 Views
3 REPLIES 3

avatar
author-rank pcodding author-rank
Guru

Created ‎10-21-2015 02:19 PM

Creation: Users are created in AD upon initial kerberization, as well as adding services, or hosts to the cluster. A test principal is created during the wizard to test the kerberos client configuration and operations, as well as all of the appropriate principals for the services that are deployed in the cluster. During that process, passwords are generated and set in Active Directory. Those passwords are not permanently stored in Ambari and are only used for keytab generation.

Update: Post-wizard completion, the principal regeneration process will regenerate and set those passwords in AD.

Deletion: During removal of services, or hosts, or disabling kerberos, the appropriate principals are removed from AD.

1,176 Views

avatar
author-rank TerryP author-rank
Super Collaborator

Created ‎10-21-2015 03:02 PM

This is prime RunBook material!

1,175 Views
0 Kudos

avatar
author-rank pcodding author-rank
Guru

Created ‎10-21-2015 03:46 PM

I'll work on getting this and the password creation methods into the docs ASAP.

1,175 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements