Configuring Kerberos Connection Information for Clients
Install Kerberos clients and configure the Kerberos realm and connection details.
From your organization’s Kerberos administrator, get the
krb5.conf configured for domain that contains the DataStax cluster.
Install Kerberos client software on each node using one of the following methods:
sudo yum install krb5-workstation krb5-libs krb5-pkinit-openssl
sudo apt-get install krb5-user krb5-config krb5-pkinit
Optional: In the
krb5.conffile, verify that the
libdefaultssettings have Domain Name System (DNS) and realm lookup disabled.
[libdefaults] dns_lookup_kdc = false dns_lookup_realm = false
DataStax recommends not using DNS lookup for Kerberos Key Distribution Center (KDC) and Realm entries. Relying on DNS may negatively impact performance and functionality.
Distribute the configuration file to each node using one of the following methods:
Default location - Put the
krb5.conffile in the
Custom location - When the
krb5.conffile is in a location other than the default, provide the location using environment variable
Refer to MIT Kerberos documentation for full list of default paths.