Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

How are keytabs generated from within Ambari when passwords expire?

avatar
Rising Star

Ambari creates keytabs internally because it has details of the AD it is connecting to. However, how does ambari regenerate keytabs once the passwords expire at AD end? How does it ensure that the services dependent on those keytabs do not go down? Or all services have to be shut down when a new keytab is provisioned?

1 ACCEPTED SOLUTION

avatar
Contributor

Hi @Sumit Nigam

You can tell Ambari to regenerate all keytabs for all services if you know the passwords expired on the AD/LDAP server.

Hope that helps.

View solution in original post

3 REPLIES 3

avatar
Contributor

Hi @Sumit Nigam

You can tell Ambari to regenerate all keytabs for all services if you know the passwords expired on the AD/LDAP server.

Hope that helps.

avatar
Rising Star

Thank you @wengelbrecht - But how does it manage all services who are using older keytab? Does it restart them?

avatar
Contributor

Correct, as the older TGT are now outdated, the services needs to be restarted to use the new keytab files and grab a new TGT. Ambari will do this for you when you regenerate the keytab files.