Providing Kerberos credentials using a keytab file

Configure a Kerberos keytab file for DSE clients.

Configure Kerberos for the DataStax Enterprise (DSE) clients, including dsetool, DSE FS, DSE Graph, and DSE Spark.

Procedure

  1. Create the keytab file with kadmin:
    Start kadmin:
    kadmin
    Create file:
    ktadd -k file_name principal_name
  2. Log in using kinit:
    kinit -k -t file_name principal_name
  3. Create a JAAS configuration file for the DSE Client:
    1. Create a file named .java.login.config and put it in the home directory.
    2. Define the variables required to use a keytab file:
      DseClient {
          com.sun.security.auth.module.Krb5LoginModule required
          refreshKrb5Config=true
          useKeyTab=true
          keyTab="file_name"
          principal="principal_name";
      };
      where
      keyTab
      Absolute path to the keytab file. For example, /home/adam/krb5_opsc.keytab.
      principal
      The fully qualified principal name. For example, dse_admin/dse1.lan@EXAMPLE.COM.
      Note: For more information on the available settings see the documentation for com.sun.security.auth.module.Krb5LoginModule.
  4. (Optional) If the JAAS configuration is not in the default location or have the default name, customize the location using on of the following methods: