https://community.cloudera.com/t5/Support-Questions/Execution-of-usr-bin-kinit-kt-etc-security-keytabs-hdfs/m-p/207196#M169157 <P><EM>@<A href="https://community.hortonworks.com/users/2384/arjunm5573.html">arjun more</A></EM></P><P><EM>If you have KDC and AD integrated, this simply means the account to which the keytab is related has been disabled, locked, expired, or deleted. </EM></P><P><EM>The AD service account should NEVER expire. </EM></P><P><EM>If not could you validate the below steps </EM></P><P><EM>Make sure the<STRONG> [realms]</STRONG> and<STRONG> [domain_realms] </STRONG>entries in cat /etc/krb5.conf is correct. </EM></P><P><EM>Validate the contents of these 2 files<STRONG> /var/kerberos/krb5kdc/kdc.conf </STRONG>, <STRONG>/var/kerberos/krb5kdc/kadm5.acl </STRONG></EM></P><P><EM>Check the hdfs prinncipal</EM></P><PRE><EM># kadmin.local Authenticating as principal hdfs-uktehdpprod/admin@EUROPE.ODCORP.NET with password. kadmin.local: listprincs hdfs* hdfs-uktehdpprod@EUROPE.ODCORP.NET kadmin.local: </EM></PRE><P><EM>Get the correct prncipal for hdfs </EM></P><PRE><EM># klist -kt /etc/security/keytabs/hdfs.headless.keytab Keytab name: FILE:/etc/security/keytabs/hdfs.headless.keytab KVNO Timestamp Principal ---- ------------------- ------------------------------------------------------ 1 08/24/2017 15:42:23 hdfs-uktehdpprod@EUROPE.ODCORP.NET 1 08/24/2017 15:42:23 hdfs-uktehdpprod@EUROPE.ODCORP.NET 1 08/24/2017 15:42:23 hdfs-uktehdpprod@EUROPE.ODCORP.NET </EM></PRE><P><EM>Try grabbing a valid Kerberos ticket </EM></P><PRE><EM># kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-uktehdpprod@EUROPE.ODCORP.NET </EM></PRE><P><EM> Validate the avalability period </EM></P><PRE><EM># klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: hdfs-uktehdpprod@EUROPE.ODCORP.NET Valid starting Expires Service principal 10/04/2017 19:36:12 10/05/2017 19:36:12 krbtgt/EUROPE.ODCORP.NET@EUROPE.ODCORP.NET</EM></PRE><P><EM>Please revert</EM></P> Thu, 05 Oct 2017 00:56:49 GMT Shelton 2017-10-05T00:56:49Z