[38754] in Kerberos


MIT Kerberos Master principal deletion

daemon@ATHENA.MIT.EDU (Harshawardhan Kulkarni)
Thu Jun 11 17:00:39 2020

MIME-Version: 1.0
From: Harshawardhan Kulkarni <harshawardhan.rk@gmail.com>
Date: Thu, 11 Jun 2020 03:32:35 +0100
Message-ID: <CAP8kJPf19ho+yURF2xoHUipkBAgEyUcOWETMtom6eHFtnqin4w@mail.gmail.com>
To: "kerberos@mit.edu" <kerberos@mit.edu>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

Hi Team,

I basically need advice on an ongoing issue I am currently stuck on.

We have a Kerberised Hadoop Cloudera Cluster. KDC Admin server is on one of
the nodes. We don't have a failover node for KDC server yet. On the KDC
admin server while doing a clean up activity for unwanted kdc principals, I
deleted the master key principal (K/M@REALM.COM). We never took a kdc dump
of the master key. So we don't have a backup to restore from.

Is there any way I can restore the master key principal?

I have tried creating with kdb5_util add_mkey but the error says that KDC
DB is not able to find a master key credential. I assume this would only
work when you want to create another master key without deleting the
primary key.

Another option for me would be to de-kerberise the cluster and create the
same REALM and kerberise the cluster again. But there could be serious
issues if this doesn't fix it, as this is a live cluster where people are using
this on a daily basis.

Can anyone help me here? Looking forward to your reply.

Thanks,
Harsh Kulkarni
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
