loading table of contents...

3.1. How To Regenerate Keytabs

  1. Browse to Admin > Kerberos.

  2. Click the Regenerate Kerberos button.

  3. Confirm your selection to proceed.

  4. Optionally, you can regenerate keytabs for only those hosts that are missing keytabs. For example, hosts that were not online/available from Ambari when enabling Kerberos.

  5. Once you confirm, Ambari will connect to the KDC and regenerate the keytabs for the Service and Ambari principals in the cluster.

  6. Once complete, you must restart all services for the new keytabs to be used.


Ambari requires the Kerberos Admin credentials in order to regenerate the keytabs. If the credentials are not available to Ambari, you will be prompted to enter the KDC Admin username and password. For more information on configuring Kerberos in your cluster, see the Ambari Security Guide.