Setting up Kerberos

DataStax Enterprise (DSE) authentication with Kerberos protocol uses Kerberos tickets to prove identity for users and applications without the need to pass credentials. This enables a deployment to have fewer attack vectors and can eliminate the need to embed passwords in configuration files.

Also see DSE security checklists.
Kerberos guidelines

Provides DataStax recommendations and requirements for setting up Kerberos.

Enabling JCE Unlimited

To enable JCE Unlimited, use the crypto.policy Security property introduced in Oracle’s JDK 8u151.

Preparing DSE nodes for Kerberos

Example instructions to install the Kerberos client libraries on DSE nodes, verify DNS entry, system time settings, and set up a service principal.

Was this helpful?

Give Feedback

How can we improve the documentation?

© Copyright IBM Corporation 2025 | Privacy policy | Terms of use Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: Contact IBM