Locate the download site in either My Oracle Support or Automated Release Updates (ARU): If the KDC does not support renewable tickets when Kerberos is configured, then Oozie and Hue might not work correctly. Modprinc -maxrenewlife duration krbtgt/ REALM NAME Use the following kadmin command, replacing duration with the time period and REALM NAME with the name of the realm: Set maxrenewlife for the krbtgt principal.
The max_life parameter defines the time period when the ticket is valid, and the max_renewable_life parameter defines the time period when users can renew a ticket. Open kdc.conf and set values for max_life and max_renewable_life. To support Oozie and Hue, ensure that the remote KDC supports renewable tickets. Xst -k cmf.keytab cmf.keytab to /opt/oracle/BDAMammoth. It must be able to add, modify, remove, and list principals from the database.Ĭreate the cmf.keytab file by running the following command from kadmin: MIT Kerberos Requirements for a Remote KDC:Īdd cloudera-scm/admin as a user to the KDC database by running the following command from kadmin:Īddprinc -randkey cloudera-scm/admin all permissions to the Kerberos database.