Creating Kerberos Principals

Add service principals for each node in the DataStax Enterprise cluster.

Procedure

Use kadmin to perform the following steps:

  1. Launch the Kerberos admin shell with an administrator account that has add privileges.

    kadmin -p <user_name>/admin

  2. For each node, add two principals:

    • Add a service principal for the database using a random key value:

      addprinc -randkey <service_name>/<FQDN>

      where

      • <service_name> - Name for the DataStax Enterprise database principal, such as dse.

      • <FQDN> - Fully Qualified Domain Name of the host.

    • Add a service principal for HTTP using a random key value:

      addprinc -randkey HTTP/<FQDN>

      where <FQDN> is the Fully Qualified Domain Name of the host.

  3. Verify that the principals have been added by running the listprincs command within kadmin:

    kadmin: listprincs
    HTTP/node1.example.com@EXAMPLE.COM
    HTTP/node2.example.com@EXAMPLE.COM
    dse/node1.example.com@EXAMPLE.COM
    dse/node2.example.com@EXAMPLE.COM
    kadmin/admin@EXAMPLE.COM

    where node<*>.example.com is the FQDN and EXAMPLE.COM is your Kerberos realm, which must be all uppercase.
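
A scripted version of the check in step 3, added here as an example and not part of the DataStax documentation: it compares `listprincs` output against the two principals each node needs and prints any that are absent. The function names, node list and sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data are assumptions, not DataStax code.

# Print the two principals each node needs:
#   <service_name>/<FQDN>@<REALM> and HTTP/<FQDN>@<REALM>
expected_principals() {
    service=$1; realm=$2; shift 2
    for fqdn in "$@"; do
        printf '%s/%s@%s\n' "$service" "$fqdn" "$realm"
        printf 'HTTP/%s@%s\n' "$fqdn" "$realm"
    done
}

# Succeed only if the realm is non-empty and contains no lowercase letters.
realm_is_uppercase() {
    [ -n "$1" ] && [ "$1" = "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" ]
}

# Read listprincs output on stdin and print every expected principal that is
# absent. Matching is exact and case-sensitive, so a principal created with a
# short hostname or a lowercase realm is reported as missing.
# Usage: missing_principals <service_name> <REALM> <FQDN>...
missing_principals() {
    realm_is_uppercase "$2" || {
        echo "realm must be all uppercase: $2" >&2
        return 2
    }
    listed=$(cat)
    expected_principals "$@" | while IFS= read -r principal; do
        printf '%s\n' "$listed" | grep -qxF -- "$principal" ||
            printf '%s\n' "$principal"
    done
}

# Constructed sample output (not from a real KDC): node2 lacks its HTTP principal.
SAMPLE_LISTPRINCS='HTTP/node1.example.com@EXAMPLE.COM
dse/node1.example.com@EXAMPLE.COM
dse/node2.example.com@EXAMPLE.COM
kadmin/admin@EXAMPLE.COM'

printf '%s\n' "$SAMPLE_LISTPRINCS" |
    missing_principals dse EXAMPLE.COM node1.example.com node2.example.com
```

Against a live KDC, pipe the output of `kadmin -p <user_name>/admin -q listprincs` into `missing_principals` instead of the sample.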

© 2024 DataStax