Question-111: What is the Kerberos Keytab?

Answer: A Kerberos keytab is a file that contains pairs of Kerberos principals and encrypted keys. The encrypted keys are derived from the passwords of those principals. This file helps with single sign-on: users can be authenticated to various remote systems without having to enter a password again and again. Because the keys are derived from the password, keytabs should be recreated whenever the user changes the password.

The common approach is that keytab files allow scripts to authenticate automatically using Kerberos, without requiring human interaction or access to a password stored in a plain-text file.

Question-112: What is the Kerberos Key Distribution Center?

Answer: The Kerberos Key Distribution Center (KDC) is a computer, node or machine that issues tickets (these are the credentials in Kerberos). The KDC is responsible for authenticating users when Kerberos is used.

Question-113: What are the types of tickets that the Kerberos KDC can issue?

Answer: There are two types of tickets that Kerberos can issue:

  • TGT (Ticket Granting Ticket): This is the ticket you need to get first. Once you have this ticket, you have permission to obtain additional tickets.
  • Service Ticket: This ticket is issued by the Ticket Granting Server.

Question-114: What is the Ticket Granting Server?

Answer: It is the responsibility of the KDC (Key Distribution Center) to issue service tickets, and the component in the KDC that issues service tickets is the Ticket Granting Server. Any principal that wants access to a Kerberos-enabled service first has to get the TGT (Ticket Granting Ticket); once it has this ticket, it can request a service ticket for a particular service.

Question-115: Can I regenerate the keytabs for the Hadoop cluster?

Answer: If you want to regenerate the keytabs in Ambari, then:

  • Your cluster must be Kerberos-enabled.
  • You must have KDC (Kerberos Key Distribution Center) admin credentials as well.

When you regenerate the keys in Ambari, it connects to the KDC (Key Distribution Center) and regenerates the keytabs for the service and Ambari principals in the cluster.