Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

kadmin: Cannot read password while initializing kadmin interface

kadmin: Cannot read password while initializing kadmin interface

New Contributor

from ambari-web "Admin->Kerberos->", when i click "Regenerate Keytabs" an error occured

14067-image-200.png

One error is "/var/log/kadmin.log: don't have permission

Another is "kadmin:Can't read password while initalizing kadmin interface"

6 REPLIES 6

Re: kadmin: Cannot read password while initializing kadmin interface

Super Mentor

@Elvis Zhang

1. Are you sure if ambari is running as root?

2. Can you please list the permission of file.

# ls -lart /var/log/kadmind.log

3. From ambari host the KDC is reachable or not?

# telnet  kdcHostName  kdcPort
# telnet erie1.example.com 88

.

Highlighted

Re: kadmin: Cannot read password while initializing kadmin interface

New Contributor

1. ambari is running as ambari

14068-image-202.png

i think the reason is

"STDERR: kadmin: Cannot read password while initializing kadmin interface"

but when i run kadmin at another host(not kdc server) , i can connect the kdc server like this(input kadmin password) . they are all same with kdc's.

maybe the ambari-server read password from error config ??

14069-image-203.png

Re: kadmin: Cannot read password while initializing kadmin interface

@Elvis Zhang

I have seen this a few times, but assume it was related to load on the Ambari server host... maybe something related to open files or pipes.

Does this issue happen every time you attempt to Regenerate Keytab files?

What version of Ambari are you running? A retry loop was added in Ambari 2.5 to help things like this. So when that comes out, you should upgrade to that to see if it helps your issue.

Re: kadmin: Cannot read password while initializing kadmin interface

New Contributor

yes, it happened every time when click 'Regenreate Keytab'.

the Ambari version is 2.4.2.0-136

Re: kadmin: Cannot read password while initializing kadmin interface

New Contributor

Thanks @Jay SenSharma @Robert Levas ,i find the reason

when click Regenerate Keytab, a web page pop, Principle and password needed . but some time it pop up,some time nothing。i will find why .

Re: kadmin: Cannot read password while initializing kadmin interface

Super Mentor

@Elvis Zhang

You can avoid Ambari UI to ask password for kadmin. You can store that kadmin credential to ambari store.

https://community.hortonworks.com/articles/42927/adding-kdc-administrator-credentials-to-the-ambari....

curl -H "X-Requested-By:ambari" -u admin:admin -X PUT -d '{ "Credential" : { "principal" : "admin/admin@EXAMPLE.COM", "key" : "pwd$hwx", "type" : "persisted" } }' http://ambari.example.com:8080/api/v1/clusters/c1/credentials/kdc.admin.credential

.

Above will require a keystore setup and then "[2] Encrypt passwords stored in ambari.properties file." on ambari-server setup-security wizard. Using this way you can avoid entering the kadmin credentials everytime on ambari.