what are the impacts of changing service account password in kerberized cluster ?
Service accounts likehdfs, hbase, spark, etc. password rely on keytabs. It has principals which look like any other normal user principal but they do rely on having valid keytabs around. If the passwords for these service accounts expire/ changethen you will need to re-generate keytabs for them once the password is updated. You can re-generate these keytabs in Ambari by going to the Kerberos screen and pressing the "Regenerate Keytabs" button. This will also automatically distribute the keytabs where they are needed. Note it's always best to restart the cluster when you do this.
NOTE:- for better smoothness of this process please try changing password for one service account followed by service restart and observe if any impact is there and then proceed for other Service Accounts.
To answer your question, changing the password of the service accounts would not affect the running services since the passwords are not used to start the service. Hence passwords are not required during the service startup or during the life time of process.
Madhuri Adipudi, Technical Solutions Manager
Was your question answered? Make sure to mark the answer as the accepted solution. If you find a reply useful, say thanks by clicking on the thumbs up button.