Support Questions

sumit_nigam · ‎06-28-2017

Ambari creates keytabs internally because it has details of the AD it is connecting to. However, how does ambari regenerate keytabs once the passwords expire at AD end? How does it ensure that the services dependent on those keytabs do not go down? Or all services have to be shut down when a new keytab is provisioned?

wengelbrecht · ‎06-28-2017

Hi @Sumit Nigam

You can tell Ambari to regenerate all keytabs for all services if you know the passwords expired on the AD/LDAP server.

Hope that helps.

View solution in original post

wengelbrecht · ‎06-28-2017

Hi @Sumit Nigam

You can tell Ambari to regenerate all keytabs for all services if you know the passwords expired on the AD/LDAP server.

Hope that helps.

sumit_nigam · ‎06-28-2017

Thank you @wengelbrecht - But how does it manage all services who are using older keytab? Does it restart them?

wengelbrecht · ‎06-28-2017

Correct, as the older TGT are now outdated, the services needs to be restarted to use the new keytab files and grab a new TGT. Ambari will do this for you when you regenerate the keytab files.

Cloudera Community

Support Questions

How are keytabs generated from within Ambari when passwords expire?

Kerberos ticket expired ( kinit keytab successfull...

Steps to fix Ambari-server & agent expired certs

Regenerating Kerberos Keytabs from Ambari API

Kerberos with FreeIPA: password expired

Manual Keytab / Principal creation for IPA to supp...

default username/password for Ambari?

how to create new keytab if my previous keytab is ...

Frequent Session Expired in NiFi

Generate keytabs after change LDAP BIND USER passw...

Hide Password from ambari-infra-solr process