Configuring Kerberos Connection Information for Clients
Install Kerberos clients and configure the Kerberos realm and connection details.
Prerequisites
From your organization’s Kerberos administrator, get the krb5.conf configured for domain that contains the DataStax cluster.
Procedure
-
Install Kerberos client software on each node using one of the following methods:
-
Tarball-based systems:
wget http://web.mit.edu/Kerberos/dist/krb5/1.17/krb5-1.17.tar.gz
-
RHEL-based systems:
sudo yum install krb5-workstation krb5-libs krb5-pkinit-openssl
-
Debian-based systems:
sudo apt-get install krb5-user krb5-config krb5-pkinit
-
-
Optional: In the
krb5.conffile, verify that thelibdefaultssettings have Domain Name System (DNS) and realm lookup disabled.[libdefaults] dns_lookup_kdc = false dns_lookup_realm = falseDataStax recommends not using DNS lookup for Kerberos Key Distribution Center (KDC) and Realm entries. Relying on DNS may negatively impact performance and functionality.
-
Distribute the configuration file to each node using one of the following methods:
-
Default location - Put the
krb5.conffile in the/etcdirectory. -
Custom location - When the
krb5.conffile is in a location other than the default, provide the location using environment variableKRB5_CONFIG.export KRB5_CONFIG="path_to_file"Refer to MIT Kerberos documentation for full list of default paths.
-
