Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

How are keytabs generated from within Ambari when passwords expire?

Solved Go to solution

How are keytabs generated from within Ambari when passwords expire?

New Contributor

Ambari creates keytabs internally because it has details of the AD it is connecting to. However, how does ambari regenerate keytabs once the passwords expire at AD end? How does it ensure that the services dependent on those keytabs do not go down? Or all services have to be shut down when a new keytab is provisioned?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: How are keytabs generated from within Ambari when passwords expire?

Cloudera Employee

Hi @Sumit Nigam

You can tell Ambari to regenerate all keytabs for all services if you know the passwords expired on the AD/LDAP server.

Hope that helps.

3 REPLIES 3
Highlighted

Re: How are keytabs generated from within Ambari when passwords expire?

Cloudera Employee

Hi @Sumit Nigam

You can tell Ambari to regenerate all keytabs for all services if you know the passwords expired on the AD/LDAP server.

Hope that helps.

Re: How are keytabs generated from within Ambari when passwords expire?

New Contributor

Thank you @wengelbrecht - But how does it manage all services who are using older keytab? Does it restart them?

Re: How are keytabs generated from within Ambari when passwords expire?

Cloudera Employee

Correct, as the older TGT are now outdated, the services needs to be restarted to use the new keytab files and grab a new TGT. Ambari will do this for you when you regenerate the keytab files.