Member since
01-29-2021
3
Posts
0
Kudos Received
0
Solutions
02-25-2021
02:03 AM
Hello, I'm not done with this issue, for information our HDP use a KDC hosted on an Active Directory wich is used for authenticatation. For security matters we wants to change HDP account passwords on a regular basis : - When I click on "Kerberos/regenerate keytabs" everything is ok for 90% of the accounts (password is changed and keytab regenerated), but as stated in my first post for 10% of the accounts nothing is done, so I have to remove unmodified keytabs and click on "Only regenerate keytabs for missing hosts and components", the keytabs are regenerated but passwords for those accounts are not modified in the AD. I've tried for the 10% accounts : - to change password in AD, generate keytabs on the AD and push the keytabs on HDP boxes => keytabs are not recognized by HDP - to change password in AD, generate keytabs on the HDP boxes and push the keytabs on HDP boxes => keytabs are not recognized by HDP (pre-authentication failed error message) So my question is : how can I easily change all the HDP account passwords without breaking Kerberos authentication ? The only working method I've found is to fully disable kerberos on the HDP cluster (to remove all accounts in the AD) and activate again kerberos on HDP cluster (which creates accounts in the AD with new passwords). any help on this matter would be greatly appreciated. regards,
... View more
02-11-2021
07:22 AM
Hello shsings, the problem was on all HDP hosts. I've done what you have told (on all hosts move not updated keytabs, perform "Only regenerate keytabs for missing hosts and components") and now all keytabs are up to date ! thanks for your help 🙂 David
... View more
01-29-2021
07:56 AM
Hello, I'm using a HDP 3.1 Kerberized HDP and I've a problem when using "regenerating keytabs" button : I've 16 regenerated keytabs and 5 keytabs not regenerated. The 5 keytabs that are not updated : - ambari-infra-sol.service.keytab - hive.service.keytab - smokeuser.headless.keytab - spnego.service.keytab - yarn.service.keytab I have no error in the logs regarding problem with keytab generation or keytab deployment. I can restart all the services and everything is working fine but how can I have ALL keytabs regenerated ? thanks for your help,
... View more
Labels: