Setting up Kerberos
DataStax Enterprise (DSE) authentication with Kerberos protocol uses Kerberos tickets to prove identity for users and applications without the need to pass credentials. This enables a deployment to have fewer attack vectors and can eliminate the need to embed passwords in configuration files.
Also see DataStax Enterprise security checklists.
- Kerberos guidelines
Provides DataStax recommendations and requirements for setting up Kerberos.
- Enabling JCE Unlimited
To enable JCE Unlimited, use the
crypto.policySecurity property introduced in Oracle’s JDK 8u151.
- Preparing DSE nodes for Kerberos
Example instructions to install the Kerberos client libraries on DSE nodes, verify DNS entry, system time settings, and set up a service principal.