Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

kadmin: Cannot read password while initializing kadmin interface

Labels:
avatar
author-rank jimfrank324
Explorer

Created on ‎03-27-2017 08:59 AM - edited ‎09-16-2022 04:20 AM

from ambari-web "Admin->Kerberos->", when i click "Regenerate Keytabs" an error occured

14067-image-200.png

One error is "/var/log/kadmin.log: don't have permission

Another is "kadmin:Can't read password while initalizing kadmin interface"

4,565 Views
0 Kudos
6 REPLIES 6

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎03-27-2017 09:21 AM

@Elvis Zhang

1. Are you sure if ambari is running as root?

2. Can you please list the permission of file.

# ls -lart /var/log/kadmind.log

3. From ambari host the KDC is reachable or not?

# telnet  kdcHostName  kdcPort
# telnet erie1.example.com 88

.

3,636 Views

avatar
author-rank jimfrank324
Explorer

Created on ‎03-27-2017 10:03 AM - edited ‎08-18-2019 03:17 AM

1. ambari is running as ambari

14068-image-202.png

i think the reason is 

"STDERR: kadmin: Cannot read password while initializing kadmin interface"

but when i run kadmin at another host(not kdc server) , i can connect the kdc server like this(input kadmin password) . they are all same with kdc's.

maybe the ambari-server read password from error config ??

14069-image-203.png

3,636 Views
0 Kudos

avatar
author-rank rlevas
Guru

Created ‎03-27-2017 02:46 PM

@Elvis Zhang

I have seen this a few times, but assume it was related to load on the Ambari server host... maybe something related to open files or pipes.

Does this issue happen every time you attempt to Regenerate Keytab files?

What version of Ambari are you running? A retry loop was added in Ambari 2.5 to help things like this. So when that comes out, you should upgrade to that to see if it helps your issue.

3,636 Views
0 Kudos

avatar
author-rank jimfrank324
Explorer

Created ‎03-28-2017 12:37 AM

yes, it happened every time when click 'Regenreate Keytab'.

the Ambari version is 2.4.2.0-136

3,636 Views
0 Kudos

avatar
author-rank jimfrank324
Explorer

Created ‎03-28-2017 03:12 AM

Thanks @Jay SenSharma @Robert Levas ,i find the reason

when click Regenerate Keytab, a web page pop, Principle and password needed . but some time it pop up,some time nothing。i will find why .

3,636 Views
0 Kudos

avatar
author-rank jsensharma author-rank
Master Mentor

Created ‎03-28-2017 03:17 AM

@Elvis Zhang

You can avoid Ambari UI to ask password for kadmin. You can store that kadmin credential to ambari store.

https://community.hortonworks.com/articles/42927/adding-kdc-administrator-credentials-to-the-ambari....

curl -H "X-Requested-By:ambari" -u admin:admin -X PUT -d '{ "Credential" : { "principal" : "admin/admin@EXAMPLE.COM", "key" : "pwd$hwx", "type" : "persisted" } }' http://ambari.example.com:8080/api/v1/clusters/c1/credentials/kdc.admin.credential

.

Above will require a keystore setup and then "[2] Encrypt passwords stored in ambari.properties file." on ambari-server setup-security wizard. Using this way you can avoid entering the kadmin credentials everytime on ambari.

3,636 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements