Generating Kerberos keytab file for Navigator Encrypt

Learn how to generate the Navigator Encrypt keytab file by using the navencrypt-gen-keytab script.

In environments that use Navigator Encrypt alongside Ranger KMS, the navencrypt-gen-keytab script creates the Kerberos keytab file. The script interacts with Cloudera Manager to generate the keytab file, which Navigator Encrypt requires for secure authentication.

The navencrypt-gen-keytab script integrates with Cloudera Manager and uses it to streamline keytab file creation.

  • You must have access to a Cloudera Manager instance (<cm-url>).

    Example Cloudera Manager URL format: https://xxyyz-zyyx8-1.vpc.cloudera.com:XXXX

  • You must have valid credentials (<user:pw>) with appropriate permissions to interact with Cloudera Manager.

    Example credential format: example-username:example-password

  1. SSH to one of the hosts where Navigator Encrypt is deployed.
  2. Execute the following script:
    navencrypt-gen-keytab <cm-url> <user:pw>
    Replace <cm-url> with the URL of your Cloudera Manager instance and <user:pw> with the appropriate username and password combination.
    Upon successful execution, the navencrypt.keytab keytab file is created and stored in the /etc/navencrypt/ directory.
  3. To verify the creation and content of the keytab file, use the cat command:
    cat /etc/navencrypt/navencrypt.keytab

    This command displays the content of the generated keytab file, confirming its successful creation.
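
A check an operator might run after step 3, added here as an example and not part of Cloudera's tooling: it confirms that the file carries a keytab header and is accessible only to its owner, without printing any key material. The function name check_keytab, the expected owner UID 0 and the mode requirement are assumptions, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: sanity-check a keytab without printing its key material.
# check_keytab PATH [UID]; UID defaults to 0 (an assumption, not from the page).
check_keytab() {
    kt=$1
    want_uid=${2:-0}

    # Must be a regular, non-empty file; a symlink could point anywhere.
    if [ -L "$kt" ] || [ ! -f "$kt" ] || [ ! -s "$kt" ]; then
        echo "FAIL: $kt is missing, empty, or not a regular file" >&2
        return 1
    fi

    # A keytab starts with 0x05 followed by the format version (0x01 or 0x02).
    magic=$(head -c 2 "$kt" | od -An -tx1 | tr -d ' \n')
    case $magic in
        0501|0502) ;;
        *) echo "FAIL: $kt does not start with a keytab header" >&2; return 2 ;;
    esac

    # Keytabs hold long-term keys: no group or other permission bits allowed.
    mode=$(stat -c '%a' "$kt")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: $kt has mode $mode; expected 600 or stricter" >&2
        return 3
    fi

    # The file should belong to the expected account.
    uid=$(stat -c '%u' "$kt")
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $kt is owned by uid $uid, expected $want_uid" >&2
        return 4
    fi

    echo "OK: $kt (mode $mode, uid $uid)"
}

# Constructed sample: a header-only stand-in for a real keytab, so this runs anywhere.
sample=$(mktemp)
printf '\005\002' > "$sample"
chmod 600 "$sample"
check_keytab "$sample" "$(id -u)"
rm -f "$sample"
```

On the Navigator Encrypt host, call check_keytab /etc/navencrypt/navencrypt.keytab; where the MIT Kerberos client tools are installed, klist -kt on the same path lists the principals the keytab holds.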