Configuring Kerberos Connection Information for Clients

Install Kerberos clients and configure the Kerberos realm and connection details.

Prerequisites

From your organization’s Kerberos administrator, get the krb5.conf configured for domain that contains the DataStax cluster.

Install Kerberos client software on each node using one of the following methods:

Tarball-based systems:

wget http://web.mit.edu/Kerberos/dist/krb5/1.17/krb5-1.17.tar.gz

RHEL-based systems:

sudo yum install krb5-workstation krb5-libs krb5-pkinit-openssl

Debian-based systems:

sudo apt-get install krb5-user krb5-config krb5-pkinit

Optional: In the krb5.conf file, verify that the libdefaults settings have Domain Name System (DNS) and realm lookup disabled.
```
[libdefaults]
dns_lookup_kdc = false
dns_lookup_realm = false
```
DataStax recommends not using DNS lookup for Kerberos Key Distribution Center (KDC) and Realm entries. Relying on DNS may negatively impact performance and functionality.
Distribute the configuration file to each node using one of the following methods:
- Default location - Put the krb5.conf file in the /etc directory.
- Custom location - When the krb5.conf file is in a location other than the default, provide the location using environment variable KRB5_CONFIG.
  export KRB5_CONFIG="path_to_file"
  Refer to MIT Kerberos documentation for full list of default paths.