Configuring Kerberos connection information for clients
Install Kerberos clients and configure the Kerberos connection details.
Install Kerberos clients and configure the Kerberos realm and connection details.
Prerequisites
Procedure
-
Install Kerberos client software on each node using one of the following
methods:
- Tarball-based
systems:
wget http://web.mit.edu/Kerberos/dist/krb5/1.17/krb5-1.17.tar.gz
- RHEL-based
systems:
sudo yum install krb5-workstation krb5-libs krb5-pkinit-openssl
- Debian-based
systems:
sudo apt-get install krb5-user krb5-config krb5-pkinit
- Tarball-based
systems:
-
(Optional) In the krb5.conf, verify that the
libdefaults
settings have DNS and realm lookup disabled.[libdefaults] dns_lookup_kdc = false dns_lookup_realm = false
Tip: DataStax recommends not using DNS lookup for KDC and REALM entries. Relying on DNS may negative impact performance and functionality. -
Distribute the configuration file to each node using one of the following
methods:
- Default location - Put the krb5.conf file in
the
/etc
directory. - Custom location - When the krb5.conf file is
in a location other than default, provide the location using environment
variable
KRB5_CONFIG
.export KRB5_CONFIG="path_to_file"
Tip: Refer to MIT Kerberos documentation for full list of default paths.
- Default location - Put the krb5.conf file in
the