Help Center/ MapReduce Service/ User Guide/ MRS Cluster O&M/ MRS Cluster Security Configuration/ Changing the Passwords for System Users of an MRS Cluster/ Changing the Passwords for MRS Cluster Component Running Users
Updated on 2024-09-23 GMT+08:00
View PDF
Share

Changing the Passwords for MRS Cluster Component Running Users

You are advised to regularly change the passwords for MRS cluster component running users to enhance system O&M security.

  • For MRS 2.x or earlier:
    • If the initial password is randomly generated by the system, reset the password.
    • If the password is changed, the downloaded user credential will be unavailable. Redownload the authentication credential and replace the old one.
  • In MRS 3.x or later, component running users are classified into the following types based on whether their initial passwords are randomly generated by the system:
    • If the initial password of a component running user is randomly generated by the system, the user is of the machine-machine type.
    • If the initial password of a component running user is not randomly generated by the system, the user is of the human-machine type.

Impact on the System

For MRS 3.x or later, the initial password for the component running user is randomly generated by the system. After changing the password, the MRS cluster needs to be restarted, which may cause temporary interruption of services during the restart.

Prerequisites

  • For MRS 2.x or earlier, the client has been installed on the Master1 node.
  • For MRS 3.x or later, the client has been installed on any node in the cluster and the IP address of the node has been obtained.

Changing the Passwords for MRS Cluster Component Running Users (MRS 3.x or Later)

  1. Log in to the node where the client is installed as the client installation user.
  2. Go to the client directory.

    cd Client installation directory

  3. Run the following command to set environment variables:

    source bigdata_env

  4. Run the following command and enter the password for user kadmin/admin to log in to the kadmin console:

    kadmin -p kadmin/admin

    The default password for the user kadmin/admin is KAdmin@123, which will expire upon your first login. Change the password as prompted. Keep the password secure as it cannot be retrieved once lost.

  5. Run the following command to change the password for an internal component running user:

    cpw Internal component username

    Example: cpw hdfs

    The username hdfs is given as an example. Replace it with the actual one.

    The default password complexity requirements are as follows:

    • The password contains at least 8 characters.
    • The password must contain at least four types of the following: uppercase letters, lowercase letters, numbers, spaces, and special characters (~`!?,.;-_'(){}[]/<>@#$%^&*+|\=).
    • The password cannot be the same as the username or the username spelled backwards.
    • The password cannot be a common easily-cracked password, for example, Admin@12345.
    • The password cannot be the same as the password used in the last N times. N indicates the value of Repetition Rule in Configuring Password Policies for MRS Cluster Users. This policy only applies to human-machine accounts.

    Run the following command to view user information:

    getprinc Internal system username

    Example: getprinc hdfs

  6. Determine the type of the user whose password needs to be changed.

    • If the user is a machine-machine user, go to 7.
    • If the user is a human-machine user, the password is successfully changed and no further action is required.

  7. Log in to FusionInsight Manager.
  8. On the home page, click or More and click Restart.
  9. In the displayed dialog box, enter the password for the current login user and click OK.
  10. In the displayed restart confirmation dialog box, click OK.
  11. Wait until the system displays a message indicating that the restart is successful.

Changing the Passwords for MRS Cluster Component Running Users (MRS 2.x or Earlier)

  1. Log in to the Master1 node.
  2. (Optional) To change the password as user omm, run the following command to switch the user:

    sudo su - omm

  3. Run the following command to switch to the client directory, for example, /opt/client:

    cd /opt/client

  4. Run the following command to configure environment variables:

    source bigdata_env

  5. Run the following command to log in to the console as user kadmin/admin:

    kadmin -p kadmin/admin

    The default password of user kadmin/admin is KAdmin@123, which will expire upon your first login. Change the password as prompted. Keep the password secure because it cannot be retrieved once lost.

  6. Run the following command to reset the password of a component running user. This operation takes effect for all servers.

    cpwComponent running user name

    For example, to reset the password of user admin, run the cpw admin command.

    For the cluster, the default password complexity requirements are as follows:
    • The password must contain 8 to 32 characters.
    • The password must contain at least three types of the following: uppercase letters, lowercase letters, digits, spaces, and special characters ('~!@#$%^&*()-_=+\|[{}];:'",<.>/?).
    • The password cannot be the username or the reverse username.