MIT Kerberos Master principal deletion
Harshawardhan Kulkarni
harshawardhan.rk at gmail.com
Wed Jun 10 22:32:35 EDT 2020
Hi Team,

I basically need advice on an ongoing issue I am currently stuck on.

We have a Kerberised Hadoop Cloudera Cluster. KDC Admin server is on one of
the nodes. We don't have a failover node for KDC server yet. On the KDC
admin server, while doing a cleanup activity for unwanted KDC principals, I
deleted the master key principal (K/M@REALM.COM). We never took a KDC dump
of the master key, so we don't have a backup to restore from.

Is there any way I can restore the master key principal?

I have tried creating it with kdb5_util add_mkey, but the error says that KDC
DB is not able to find a master key credential. I assume this would only
work when you want to create another master key without deleting the
primary key.

Another option for me would be to de-kerberise the cluster and create the
same REALM and kerberise the cluster again. But there could be serious
issues if this doesn't fix it, as this is a live cluster where people are using
this on a daily basis.

Can anyone help me here? Looking forward to your reply.

Thanks,
Harsh Kulkarni