Changing the Password for the Kerberos Administrator of an MRS Cluster

This section describes how to periodically change the password for the Kerberos or OMS Kerberos administrator kadmin of an MRS cluster (MRS 3.x or later) to improve system O&M security.

If the password is changed, the downloaded user credential will be unavailable. Redownload the authentication credential and replace the old one.

Prerequisites

For MRS 2.x or earlier, the client has been installed on the Master1 node.
For MRS 3.x or later, the client has been installed on any node in the cluster and the IP address of the node has been obtained.

Changing the Password of the Kerberos Administrator

If the current MRS version is 3.x or later, changing the password of this user will change the password of the OMS Kerberos administrator.

Log in to a cluster node.
- For MRS 3.x or later, log in to the node where the client is installed as user root using the node IP address.
- For MRS 2.x or earlier: Log in to the Master1 node.
(Optional) To change the password as user omm, run the following command to switch to user omm:

sudo su - omm
Run the following command to go to the client directory, for example, /opt/hadoopclient:

cd /opt/hadoopclient
Run the following command to set environment variables:

source bigdata_env
Run the following command to change the password of kadmin/admin. This operation takes effect for all servers. Keep the password secure because it cannot be retrieved once lost.

kpasswd kadmin/admin
Enter the password (default: Admin@123) and set a new password. The new password must meet the following complexity requirements:
- For MRS 2.x or earlier:
  - The password must contain at least eight characters.
  - The password must contain at least three types of the following: uppercase letters, lowercase letters, digits, spaces, and special characters ('~!@#$%^&*()-_=+\|[{}];:'",<.>/?).
  - The password cannot be the username or the reverse username.
- MRS 3.x or later:
  - The password must contain at least eight characters.
  - The password must contain at least four types of the following: uppercase letters, lowercase letters, numbers, spaces, and special characters (~`!?,.;-_'(){}[]/<>@#$%^&*+|\=).
  - The password cannot be the same as the username or the username spelled backwards.
  - The password cannot be a common easily-cracked password.
  - The password cannot be the same as the password used in the last N times. N indicates the value of Repetition Rule in Configuring Password Policies for MRS Cluster Users.

Changing the Password of the OMS Kerberos Administrator

This operation is supported only in MRS 3.x or later.

Changing this user's password will also update the Kerberos administrator password.

Log in to any management node in the cluster as user omm.
Run the following command to go to the directory:

cd ${BIGDATA_HOME}/om-server/om/meta-0.0.1-SNAPSHOT/kerberos/scripts
Run the following command to set environment variables:

source component_env
Run the following command to change the password of kadmin/admin. This operation takes effect for all servers. Keep the password secure because it cannot be retrieved once lost.

kpasswd kadmin/admin

Enter the user password and set a new password. The new password must meet the following complexity requirements:
- The password contains at least 8 characters.
- The password contains at least four types of the following: uppercase letters, lowercase letters, numbers, and special characters (~`!?,.;-_'(){}[]/<>@#$%^&*+|\=).
- The password cannot be the same as the username or the username spelled backwards.
- The password cannot be a common easily-cracked password.
- The password cannot be the same as the password used in the last N times. N indicates the value of Repetition Rule in Configuring Password Policies for MRS Cluster Users.