https://community.cloudera.com/t5/Support-Questions/Kerberized-Clusters-Can-you-have-multiple-keytabs-in-AD/m-p/221213#M183087 <P>Please provide information on how you are generating and defining your keytabs.</P><P>try klist -k nifi-1-service-keytab</P><P>If you principals have HOST (machine name or IP) as part of the definition like xxxx/HOST_NAME@domain you will not be able to use the keytab on any other machine.</P><P>Renaming the keytab will not work as content of the file still point to a specific host.</P><P>It is best practice to have separate keytab for separate machines. Reusing the same keytab is not the most secure option.</P><P>Alternatively, if you define a principal in AD as headless that is without HOST attribute. And then create a keytab, that keytab can be used on any host typically this is your hdfs principal. But, not too secure.</P> Fri, 05 May 2017 00:45:12 GMT umair_khan 2017-05-05T00:45:12Z