OpsCenter Kerberos configuration options

This reference lists the available OpsCenter configuration options for Kerberos.

The OpsCenter console is the most convenient way to configure basic OpsCenter connection settings for authentication and encryption.

Cluster configuration for Kerberos

You can set these options in the CLUSTER_NAME.conf file located at /etc/opscenter/clusters/ for package installations, or at INSTALL_DIRECTORY/conf/clusters/ for tarball installations.

  • [kerberos] default_service

    The default Kerberos service name (Example: cassandra).

  • [kerberos] default_hostname

    The default Kerberos hostname.

  • [kerberos] default_client_principal

    The default Kerberos client principal (Example: cassandra@realm).

  • [kerberos] default_client_user

    The default Kerberos client user.

  • [kerberos] opscenterd_client_principal

    The OpsCenter client principal in Kerberos (Example: user@realm).

  • [kerberos] opscenterd_keytab_location

    Full path to the keytab containing keys for opscenterd_client_principal on the OpsCenter machine.

  • [kerberos] agent_client_principal

    The DataStax agent client principal in Kerberos (Example: user@realm).

  • [kerberos] agent_keytab_location

    Full path to the keytab containing keys for agent_client_principal on the DataStax agent machine.

  • [kerberos] debug

    Whether to output debug messages during Kerberos connection attempts from OpsCenter.

Agent configuration for Kerberos

You can set these options in the address.yaml file on each node. This file is located at /var/lib/datastax-agent/conf/address.yaml for package installations, or at INSTALL_DIRECTORY/conf/address.yaml for tarball installations.

  • kerberos_service

    The Kerberos service name to use when using Kerberos authentication within DSE. Example: kerberos_service: cassandra-kerberos

  • kerberos_keytab_location

    The Kerberos keytab location when using Kerberos authentication within DSE. Example: kerberos_keytab_location: /path/to/keytab.keytab

  • kerberos_client_principal

    The Kerberos client principal to use when using Kerberos authentication within DSE. Example: kerberos_client_principal: cassandra@hostname

See also

Was this helpful?

Give Feedback

How can we improve the documentation?

© 2025 DataStax, an IBM Company | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com