MIT Kerberos Master principal deletion

Greg Hudson ghudson at mit.edu
Thu Jun 11 17:13:07 EDT 2020


On 6/10/20 10:32 PM, Harshawardhan Kulkarni wrote:
> We have a Kerberised Hadoop Cloudera Cluster. KDC Admin server is on one of
> the nodes. We don't have a failover node for KDC server yet. On the KDC
> admin server while doing a clean up activity for unwanted kdc principals, I
> deleted the master key principal (K/M@REALM.COM). We never took a kdc dump
> of the master key. So we don't have a backup to restore from.
> 
> Is there any way I can restore the master key principal?

Unfortunately, it doesn't look like our tools provide any good recovery
options for this case, so I think you're stuck recreating the Kerberos
database.

I will file a ticket that it shouldn't be possible to delete the K/M
principal entry.

