Each node in your cluster requires DNS to be working properly, NTP to be enabled and
the system time set, and the Kerberos client libraries installed.
Each node in your cluster requires DNS to be working properly, NTP to be enabled and
the system time synchronized, and the Kerberos client libraries installed.
Prerequisites
- You have read and implemented the Kerberos guidelines.
- If using Oracle Java 8, you must use at least 1.8.0_40.
- If you are using Oracle Java, make sure the Java Cryptography Extension (JCE)
Unlimited Strength Jurisdiction Policy Files are installed on each node.
Procedure
Perform the following steps on every node:
-
On each node, confirm DNS is working:
-
On each node, confirm that NTP is configured and running:
remote refid st t when poll reach delay offset jitter
==============================================================================
*li506-17.member 209.51.161.238 2 u 331 1024 377 80.289 1.384 1.842
-tock.eoni.com 216.228.192.69 2 u 410 1024 377 53.812 1.706 34.692
+time01.muskegon 64.113.32.5 2 u 402 1024 377 59.378 -1.635 1.840
-time-a.nist.gov .ACTS. 1 u 746 1024 151 132.832 26.931 55.018
+golem.canonical 131.188.3.220 2 u 994 1024 377 144.080 -1.732 20.072
-
Install the Kerberos client software.
-
If you are not using the JCE Unlimited Strength Jurisdiction Policy, make sure
that your ticket granting principal does not use AES-256.
-
If your Kerberos sever is using MIT Kerberos server for Linux, copy the
krb5.conf from the Kerberos server to each DataStax
Enterprise node. If using other Kerberos server solution, copy the REALM section
to the krb5.conf on each DataStax Enterprise node.
scp /etc/krb5.conf node1.example.com:/etc/
The krb5.conf file contains configuration information for
your Kerberos domain.