Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Co-authored-by: Yang, Tong <yangtong2@huawei.com> Co-committed-by: Yang, Tong <yangtong2@huawei.com>
<a name="admin_guide_000256"></a>
<h1 class="topictitle1">Changing the Password for the LDAP Administrator</h1>
<div id="body1529658735919"><div class="note" id="admin_guide_000256__note617723283414"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="admin_guide_000256__p91791632123410">This section applies only to MRS 3.1.0. For later versions, see <a href="admin_guide_000162.html">Modifying OMS Service Configuration Parameters</a>.</p>
</div></div>
<div class="section" id="admin_guide_000256__section14368423113735"><h4 class="sectiontitle">Scenario</h4><p id="admin_guide_000256__p54563695113728">It is recommended that the administrator periodically change the passwords of the LDAP administrator accounts <strong id="admin_guide_000256__b763906442114459">cn=krbkdc,ou=Users,dc=hadoop,dc=com</strong> and <strong id="admin_guide_000256__b124016538114459">cn=krbadmin,ou=Users,dc=hadoop,dc=com</strong> to improve system O&M security.</p>
</div>
<div class="section" id="admin_guide_000256__section36437228113742"><h4 class="sectiontitle">Impact on the System</h4><ul id="admin_guide_000256__ul1964219442"><li id="admin_guide_000256__li10941122440">You need to restart the KrbServer service after changing the password.</li><li id="admin_guide_000256__li3961284416">After the password is changed, check whether the LDAP administrator accounts <strong id="admin_guide_000256__b1739719321221">cn=krbkdc,ou=Users,dc=hadoop,dc=com</strong> and <strong id="admin_guide_000256__b05641037162210">cn=krbadmin,ou=Users,dc=hadoop,dc=com</strong> are locked. Run the following command on the active management node of the cluster to check whether <strong id="admin_guide_000256__b0344112012236">krbkdc</strong> is locked (the method for user <strong id="admin_guide_000256__b1811602413238">krbadmin</strong> is similar):<div class="note" id="admin_guide_000256__note59616244416"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="admin_guide_000256__p99615254416">To obtain the OLdap port number:</p>
<ol id="admin_guide_000256__ol4963254418"><li id="admin_guide_000256__li1496826449">Log in to <span id="admin_guide_000256__text67509419010">MRS</span> Manager and choose <span class="menucascade" id="admin_guide_000256__menucascade946641762418"><b><span class="uicontrol" id="admin_guide_000256__uicontrol545951722411">System</span></b> > <b><span class="uicontrol" id="admin_guide_000256__uicontrol174611917202419">OMS</span></b> > <b><span class="uicontrol" id="admin_guide_000256__uicontrol84635174246">oldap</span></b> > <b><span class="uicontrol" id="admin_guide_000256__uicontrol1046413179248">Modify Configuration</span></b></span>.</li><li id="admin_guide_000256__li396152154417">The value of the <strong id="admin_guide_000256__b137654229246">LDAP Listening Port</strong> parameter is the <strong id="admin_guide_000256__b176617222248">oldap port</strong>.</li></ol>
</div></div>
<p id="admin_guide_000256__p69611214447"><strong id="admin_guide_000256__b1692511654114459">ldapsearch -H ldaps://</strong><em id="admin_guide_000256__i1707088468114459">OMS_FLOAT_IP address:OLdap port</em> <strong id="admin_guide_000256__b1523460557114459">-LLL -x -D</strong> <strong id="admin_guide_000256__b209620217445">cn=krbkdc,ou=Users,dc=hadoop,dc=com -W -b cn=</strong><strong id="admin_guide_000256__b149642154417">krbkdc,ou=Users,dc=hadoop,dc=com -e ppolicy</strong></p>
<p id="admin_guide_000256__p12960218447">Enter the password of the LDAP administrator account <strong id="admin_guide_000256__b478831547114459">krbkdc</strong>. If the following message is displayed, the account is locked. For details about how to unlock the account, see <a href="admin_guide_000245.html">Unlocking LDAP Users and Management Accounts</a>.</p>
<pre class="screen" id="admin_guide_000256__screen7967215445">ldap_bind: Invalid credentials (49); Account locked</pre>
</li></ul>
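<p>Added example, not part of the original MRS documentation: a wrapper for the lock check above that tells a locked account apart from a rejected password or an unreachable server. The function names are hypothetical, <code>Can't contact LDAP server</code> is the OpenLDAP client's connection error, and it is assumed that a successful <code>-LLL</code> search prints an LDIF entry starting with <code>dn: cn=</code>.</p>

```shell
#!/bin/sh
# Added example, not from the MRS documentation.
# Map the text printed by the ldapsearch lock check to a state.
# Assumption: a successful -LLL search prints an LDIF entry starting "dn: cn=".
classify_bind_output() {
    case $1 in
        *"Account locked"*)            echo locked ;;        # ppolicy lockout, message shown above
        *"Invalid credentials (49)"*)  echo bad_password ;;  # bind rejected, account not locked
        *"Can't contact LDAP server"*) echo unreachable ;;   # wrong IP/port or service down
        *"dn: cn="*)                   echo ok ;;            # bind and search succeeded
        *)                             echo unknown ;;
    esac
}

# Run the documented command for one account and report its state.
# $1 = krbkdc or krbadmin, $2 = ldaps://<OMS floating IP>:<OLdap port>
# -W is kept so the password is typed at the prompt and never stored in a file.
# stderr is captured for classification, so a notice is printed before the prompt.
check_ldap_admin() {
    dn="cn=$1,ou=Users,dc=hadoop,dc=com"
    echo "Checking $dn (type its password, then press Enter)" >&2
    out=$(ldapsearch -H "$2" -LLL -x -D "$dn" -W -b "$dn" -e ppolicy 2>&1)
    state=$(classify_bind_output "$out")
    echo "$1: $state"
    [ "$state" = ok ]
}

# Constructed sample outputs (not captured from a real cluster).
for sample in \
    'ldap_bind: Invalid credentials (49); Account locked' \
    'ldap_bind: Invalid credentials (49)' \
    'dn: cn=krbkdc,ou=Users,dc=hadoop,dc=com'
do
    printf '%-52s -> %s\n' "$sample" "$(classify_bind_output "$sample")"
done
```

<p>Call <code>check_ldap_admin krbkdc</code> and <code>check_ldap_admin krbadmin</code> with the ldaps URI of the cluster. A mistyped password is itself a failed bind and counts toward the lockout threshold where one is configured.</p>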
</div>
<div class="section" id="admin_guide_000256__section316609511390"><h4 class="sectiontitle">Prerequisites</h4><p id="admin_guide_000256__p23454548113728">You have obtained the management node IP address.</p>
</div>
<div class="section" id="admin_guide_000256__section6358335125513"><h4 class="sectiontitle">Procedure</h4><ol id="admin_guide_000256__ol3066221416394"><li id="admin_guide_000256__li6004580116394"><span>Log in to the active management node as user <strong id="admin_guide_000256__b174568576114459">omm</strong> using the IP address of the active management node.</span></li><li id="admin_guide_000256__li1840972716394"><span>Run the following command to go to the related directory:</span><p><p id="admin_guide_000256__p3187168716394"><strong id="admin_guide_000256__b3414030010136">cd ${BIGDATA_HOME}/om-server/om/meta-0.0.1-SNAPSHOT/kerberos/scripts</strong></p>
</p></li><li id="admin_guide_000256__li4594629316394"><span>Run the following command to change the password of the LDAP administrator account:</span><p><p id="admin_guide_000256__p1479293716394"><strong id="admin_guide_000256__b3146982116394">./okerberos_modpwd.sh</strong></p>
<p id="admin_guide_000256__p6602757216394">Enter the old password and then enter a new password twice.</p>
<p id="admin_guide_000256__p5737723916394">The password complexity requirements are as follows:</p>
<ul id="admin_guide_000256__ul3845040116394"><li id="admin_guide_000256__li4663310716394">The password contains 16 to 32 characters.</li><li id="admin_guide_000256__li1704478616394">The password contains at least three of the following types: uppercase letters, lowercase letters, digits, spaces, and special characters, which can only be `~!@#$%^&*()-_=+|[{}];,<.>/?.</li><li id="admin_guide_000256__li1918534716394">The password cannot be the same as the current password.</li></ul>
<p id="admin_guide_000256__p1050929216394">If the following information is displayed, the password is changed successfully.</p>
<pre class="screen" id="admin_guide_000256__screen2747476516394">Modify kerberos server password successfully.</pre>
</p></li><li id="admin_guide_000256__li6601544135710"><span>Log in to <span id="admin_guide_000256__text87227350237">MRS</span> Manager, click <strong id="admin_guide_000256__b169008719302">Cluster</strong>, click the name of the desired cluster, and choose <strong id="admin_guide_000256__b129071671309">Services</strong> > <strong id="admin_guide_000256__b109071473302">KrbServer</strong>. On the displayed page, choose <strong id="admin_guide_000256__b101829153316">More</strong> > <strong id="admin_guide_000256__b210591816319">Restart Service</strong>.</span><p><p id="admin_guide_000256__p1283124918574">Enter the password and do not select <strong id="admin_guide_000256__b2065712566314">Restart upper-layer services</strong>. Click <strong id="admin_guide_000256__b114631458123112">OK</strong> to restart the KrbServer service.</p>
</p></li></ol>
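<p>Added example, not part of the original MRS documentation or of <strong>okerberos_modpwd.sh</strong>: a local pre-check of a candidate password against the complexity requirements listed in the procedure, so that a rejected value is caught before the script is run. The function and variable names are hypothetical, and the special-character set is copied from the list above.</p>

```shell
#!/bin/sh
# Added example, not from the MRS documentation.
# Special characters copied from the list above; '-' is moved to the end so
# that tr treats it as a literal character instead of a range operator.
SPECIALS='`~!@#$%^&*()_=+|[{}];,<.>/?-'

# has_any STRING SET: succeeds if STRING contains a character from the tr SET.
has_any() {
    [ -n "$(printf '%s' "$1" | LC_ALL=C tr -cd "$2")" ]
}

# check_new_password NEW CURRENT: returns 0 if NEW meets every rule,
# otherwise prints each violated rule to stderr and returns 1.
check_new_password() {
    new=$1; cur=$2; rc=0
    len=${#new}
    if [ "$len" -lt 16 ] || [ "$len" -gt 32 ]; then
        echo "length $len is outside 16-32" >&2; rc=1
    fi
    # Anything left after deleting every allowed character is not permitted.
    if [ -n "$(printf '%s' "$new" | LC_ALL=C tr -d "A-Za-z0-9 $SPECIALS")" ]; then
        echo "contains a character outside the allowed set" >&2; rc=1
    fi
    classes=0
    for cls in 'A-Z' 'a-z' '0-9' ' ' "$SPECIALS"; do
        if has_any "$new" "$cls"; then classes=$((classes + 1)); fi
    done
    if [ "$classes" -lt 3 ]; then
        echo "only $classes character types, at least 3 required" >&2; rc=1
    fi
    if [ "$new" = "$cur" ]; then
        echo "same as the current password" >&2; rc=1
    fi
    return "$rc"
}

# Constructed candidates (never real credentials).
for cand in 'Tr0ub4dor staple 2024' 'alllowercaseletters' 'Valid-Length_Passw0rd:'; do
    if check_new_password "$cand" 'constructed-old-value' 2>/dev/null; then
        echo "accept: $cand"
    else
        echo "reject: $cand"
    fi
done
```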
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000252.html">Changing the Password for a System Internal User</a></div>
</div>
</div>