We have enabled security via Kerberos for all processes on a HBase cluster. When we add a new realm to the kdc we would like for all processes to see the new configuration without having to reboot or wait for the periodic tgt renewal.
Asked
Active
Viewed 119 times
0
-
What do you expect from this? Not clear what you are asking. – Michael-O Sep 07 '15 at 09:09
-
Add a new *realm*? Why? You mean you will dynamically create a new cluster, with its own Kerberos services, and specific user accounts w/ specific passwords??? – Samson Scharfrichter Sep 07 '15 at 12:02
-
Not dynamically create the cluster, services on it just need to be made dynamically accessible to services on a given cluster. The two clusters have different realms and the challenge is to add the cross-realm auth to a cluster and start communicating with it without having to wait for auto renewal of tgt as per earlier schedule. Is there a way to force tgt renewal when needed, without prior setup. – Sameer V. Sep 08 '15 at 05:44
1 Answers
0
In Windows we use for this purpose KerbTray (a tool from Window Server 2003 Resource Kit - 2003 but it still works, at least KerbTray). We right-click on its icon in system tray and from menu choose option "Purge tickets".
It's possible to do that in command line too, using Microsoft klist purge (as described here: https://technet.microsoft.com/en-us/library/hh134826.aspx).
greenmarker
- 1,599
- 1
- 21
- 29