Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

When principals are created in Active Directory during Kerberos installation (no local KDC), what password is used for each principal?

Labels:
avatar
author-rank TerryP author-rank
Super Collaborator

Created on ‎10-18-2015 02:47 PM - edited ‎09-16-2022 02:44 AM

A client asks this question "I see objects in AD. These objects are AD user objects with the password set to next expire. Do you know what default password is used on these accounts on the AD side?"

1,205 Views
1 ACCEPTED SOLUTION

avatar
author-rank rlevas
Guru

Created ‎10-18-2015 03:18 PM

When Ambari creates passwords for accounts it generates a string of 20 characters chosen from a set of various character classes - uppercase characters, lowercase characters, digits, punctuation, and whitespace. A minimum number of instances of each character class can be configured to help meet password policies that might be applied to the KDC.

View solution in original post

929 Views
3 REPLIES 3

avatar
author-rank bsaini
Guru

Created ‎10-18-2015 03:08 PM

Terry - Are you using Ambari Wizard for kerberizing the cluster? If so, passwords are randomly generated.

Here are the pointers to code that does it -

Password is generated here -

https://github.com/hortonworks/ambari/blob/d4edf4619c1c0bb309920ba86e66012a2a2e7090/ambari-server/sr...

The above function is called from here -

https://github.com/hortonworks/ambari/blob/d4edf4619c1c0bb309920ba86e66012a2a2e7090/ambari-server/sr...

And then passed to this method for creating principal in KDC / AD -

https://github.com/hortonworks/ambari/blob/8967ed9bc8967f6f6783c16f6403a3de0a0b2792/ambari-server/sr...

929 Views

avatar
author-rank rlevas
Guru

Created ‎10-18-2015 03:18 PM

When Ambari creates passwords for accounts it generates a string of 20 characters chosen from a set of various character classes - uppercase characters, lowercase characters, digits, punctuation, and whitespace. A minimum number of instances of each character class can be configured to help meet password policies that might be applied to the KDC.

930 Views

avatar
author-rank pcodding author-rank
Guru

Created ‎10-20-2015 05:39 PM

We'll be adding this information to the documentation for the Kerberos Wizard very soon: http://docs.hortonworks.com/HDPDocuments/Ambari-2.1.2.0/bk_Ambari_Security_Guide/content/_launching_...

It's important to note that these principal password are note permanently persisted within Ambari. They are only used to populate the AD password fields, and generate the appropriate key tabs.

929 Views
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements