Kerberos Cheatsheet

Command to create new principal

kadmin.local -q "addprinc -randkey HTTP/HOST@REALM" 

Command to add principal in existing keytab file

xst -k /etc/security/keytabs/spnego.service.keytab HTTP/HOST@REALM

Command to check user properties

adquery user -A ambari-qa

To enable kerberos debug jvm flags

export CLIENT_JVMFLAGS=" -Djava.security.debug=gssloginconfig,configfile,configparser,logincontext"
export CLIENT_JVMFLAGS="-Djava.security.debug=all"
export KAFKA_OPTS=“-Dsun.security.krb5.debug=true”

To enable kerberos debug flags

export KAFKA_KERBEROS_PARAMS="-Djava.security.debug=all  -Dsun.security.krb5.debug=true"

Leave a Comment