Setting up Kerberos
DataStax Enterprise authentication with Kerberos protocol uses tickets to prove identity for users and applications without the need to pass credentials, only a Kerberos ticket. This enables a deployment to have fewer attack vectors and can eliminate the need to embed passwords in configuration files.
Also see Security checklists.
- Kerberos guidelines
Provides DataStax recommendations and requirements for setting up Kerberos.
- Enabling JCE Unlimited
To enable JCE Unlimited, use the crypto.policy Security property introduced in JDK 8u151.
- Preparing DSE nodes for Kerberos
Example instructions to install the Kerberos client libraries on DSE nodes, verify DNS entry, system time settings, and set up a service principal.