AES encryption is used by default in MIT kerberos v5. But in Cloudera Distribution of Hadoop(CDH) does not support AES encryption.Here I am describing how to remove AES encryption from kerberos and change password of Ticket granting Ticket Principal.
Step 1: Removing AES encryption
Edit /etc/krb5kdc/kdc.conf file and remove aes256-cts:normal from ' 'supported_enctypes'
sudo vi /etc/krb5kdc/kdc.confStep 2: Change password of Ticket granting Ticket Principal
Use the following command in 'kadmin' utility
#kadmin -p root/admin >change_password -randkey krbtgt/TEST.COM@TEST.COMTEST.COM is your realm name.
Step 3: Restart kdc and admin server
sudo invoke-rc.d krb5-kdc restart sudo invoke-rc.d krb5-admin-server restartReference : http://web.mit.edu/kerberos/www/krb5-1.2/krb5-1.2.6/doc/admin.html
No comments:
Post a Comment