[38755] in Kerberos
Re: MIT Kerberos Master principal deletion
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu Jun 11 17:15:33 2020
To: Harshawardhan Kulkarni <harshawardhan.rk@gmail.com>,
"kerberos@mit.edu"
<kerberos@mit.edu>
From: Greg Hudson <ghudson@mit.edu>
Message-ID: <76eade1d-6477-40ca-722f-5225df07b036@mit.edu>
Date: Thu, 11 Jun 2020 17:13:07 -0400
MIME-Version: 1.0
In-Reply-To: <CAP8kJPf19ho+yURF2xoHUipkBAgEyUcOWETMtom6eHFtnqin4w@mail.gmail.com>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu
On 6/10/20 10:32 PM, Harshawardhan Kulkarni wrote:
> We have a Kerberised Hadoop Cloudera Custer. KDC Admin server is on one of
> the nodes. We don't have a failover node for KDC server yet. On the KDC
> admin server while doing a clean up activity for unwanted kdc principals, I
> deleted the master key principal (K/M@REALM.COM) We never took a kdc dump
> of the master key. So we don't have a backup to restore from.
>
> Is there any way I can restore the master key principal?
Unfortunately, it doesn't look like our tools provide any good recovery
options for this case, so I think you're stuck recreating the Kerberos
database.
I will file a ticket that it shouldn't be possible to delete the K/M
principal entry.
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
