Preparing DSE nodes for Kerberos

Example instructions to install the Kerberos client libraries on DSE nodes, verify DNS entry, system time settings, and set up a service principal.

Use these instructions as guidelines for installing the Kerberos client libraries on DSE nodes, verifying DNS entry, and system time settings. Each node in your cluster requires DNS to be working properly, NTP to be enabled and the system time synchronized, and the Kerberos client libraries installed.

Note: Do not upgrade DataStax Enterprise and set up Kerberos at the same time; see General upgrade restrictions.
Complete the following prerequisites:
  • All KDS requirements have been met, see Kerberos guidelines.
  • If using Oracle Java 8, DataStax recommends using the latest version, however the minimum version is 1.8.0_151
  • Each node has the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files enabled. Refer to Enabling JCE Unlimited. Starting in JDK 8u161, JCE Unlimited is enabled by default. Refer to the Release Notes for JDK 8u161.
    Note: If you are not using the JCE Unlimited Strength Jurisdiction Policy, make sure that your ticket granting principal does not use AES-256.