Support Questions
Find answers, ask questions, and share your expertise

how to create new keytab if my previous keytab is expired?

Solved Go to solution

how to create new keytab if my previous keytab is expired?

Explorer

how to create new keytab if my previous keytab is expired?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: how to create new keytab if my previous keytab is expired?

Super Mentor

@OmThakare 
Are you managing keytabs/kerberos using Ambari?

If yes, then you can regenerate keytabs from Ambari UI. Ambari allows to either regenerate all keytabs or only for specific components on specific hosts.

 

Regenerating keytabs for all hosts in the cluster is a disruptive operation, and requires all components to be restarted. Optionally, keytabs can be regenerated only for missing hosts and components, and this operation requires selectively restarting those affected hosts and services.

 

https://docs.cloudera.com/HDPDocuments/Ambari-2.7.4.0/managing-and-monitoring-ambari/content/amb_reg...

.

If you are not not using Ambari to manage kerberos then  Following link describes How to create service principals and keytab files

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/security-reference/content/kerberos_nonambari_...

 

View solution in original post

3 REPLIES 3

Re: how to create new keytab if my previous keytab is expired?

Super Mentor

@OmThakare 
Are you managing keytabs/kerberos using Ambari?

If yes, then you can regenerate keytabs from Ambari UI. Ambari allows to either regenerate all keytabs or only for specific components on specific hosts.

 

Regenerating keytabs for all hosts in the cluster is a disruptive operation, and requires all components to be restarted. Optionally, keytabs can be regenerated only for missing hosts and components, and this operation requires selectively restarting those affected hosts and services.

 

https://docs.cloudera.com/HDPDocuments/Ambari-2.7.4.0/managing-and-monitoring-ambari/content/amb_reg...

.

If you are not not using Ambari to manage kerberos then  Following link describes How to create service principals and keytab files

https://docs.cloudera.com/HDPDocuments/HDP3/HDP-3.1.5/security-reference/content/kerberos_nonambari_...

 

View solution in original post

Re: how to create new keytab if my previous keytab is expired?

Explorer

I am using Ad kerberus and sentry for security.

Re: how to create new keytab if my previous keytab is expired?

Explorer

no I am using CDH 5.13.3