How to “kdestroy” user's ticket in FreeIPA (LDAP 389 Directory Server)
We are trying out FreeIPA (LDAP 389 Directory Server) and have integrated it with our Ambari Hadoop cluster (HDP v3.0.1).
We are able to add users and provide them access to Hadoop with the help of the kinit command.
However, when deleting users in the FreeIPA GUI, the principal gets deleted. The deleted user's principal will not be there in the "kadmin" prompt when I do listprincs.
But the user will still have a valid ticket when he does "klist" and can access Hadoop even though the principal is removed. We cannot do "kdestroy" manually. Typically, when users are removed in FreeIPA, the same users should not be able to access Hadoop as well.
Can't FreeIPA handle kdestroy?
Please provide your suggestions.
Thanks,
Shesh
user-management ldap hadoop kerberos cloudera-manager
asked Nov 18 at 13:42
Shesh Kumar Bhombore