Creating Kerberos Principals
Add service principals for each node in the DataStax Enterprise cluster.
Procedure
Use kadmin to perform the following steps:
- Launch Kerberos admin shell with an administrator account that has add privileges:
      kadmin -p user_name/admin
- For each node add two principals:
  - Add a service principal for the database using a random key value:
        addprinc -randkey service_name/FQDN
    where:
    - service_name - Name for the DataStax Enterprise database principal, such as dse.
    - FQDN - Fully Qualified Domain Name of the host.
    Tip: See Principal names and DNS.
  - Add a service principal for HTTP using a random key value:
        addprinc -randkey HTTP/FQDN
    where FQDN - Fully Qualified Domain Name of the host.
- Verify that the principals have been added by running the listprincs command within kadmin:
      kadmin: listprincs
      HTTP/node1.example.com@EXAMPLE.COM
      HTTP/node2.example.com@EXAMPLE.COM
      dse/node1.example.com@EXAMPLE.COM
      dse/node2.example.com@EXAMPLE.COM
      kadmin/admin@EXAMPLE.COM
  where node*.example.com is the FQDN and EXAMPLE.COM is your Kerberos realm, which must be all uppercase.
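
An added example, not part of the DataStax documentation: a POSIX shell function that automates the verification step by checking listprincs output for both per-node principals and rejecting a realm that is not all uppercase. The names check_principals and sample_listprincs are hypothetical, and the sample listing is constructed (it deliberately omits HTTP/node2.example.com).

```shell
#!/bin/sh
# Added example (not DataStax code): verify that every node has both the
# database principal and the HTTP principal in `listprincs` output.
# Usage: kadmin -p user_name/admin -q listprincs | \
#            check_principals REALM SERVICE_NAME FQDN [FQDN...]
# Exit status: 0 = all present, 1 = something missing, 2 = bad realm.

check_principals() {
    realm=$1; service=$2; shift 2
    # The realm must be all uppercase; reject it before comparing anything.
    case $realm in
        *[[:lower:]]*) echo "realm not uppercase: $realm"; return 2 ;;
    esac
    have=$(cat)   # listprincs output arrives on stdin
    missing=0
    for fqdn in "$@"; do
        for name in "$service" HTTP; do
            want="$name/$fqdn@$realm"
            # -x matches the whole line and -F treats it as a literal string,
            # so the dots in the FQDN are not regex wildcards and
            # dse/node1.example.com does not match dse/node10.example.com.
            if ! printf '%s\n' "$have" | grep -qxF -- "$want"; then
                echo "missing: $want"
                missing=1
            fi
        done
    done
    return $missing
}

# Constructed sample listing: node2 has no HTTP principal.
sample_listprincs() {
    cat <<'EOF'
HTTP/node1.example.com@EXAMPLE.COM
dse/node1.example.com@EXAMPLE.COM
dse/node2.example.com@EXAMPLE.COM
kadmin/admin@EXAMPLE.COM
EOF
}

# Demonstration on the constructed listing (reports the missing principal).
sample_listprincs | check_principals EXAMPLE.COM dse \
    node1.example.com node2.example.com || true
```

Because the comparison is an exact, case-sensitive line match, a principal created under a lowercase realm or a short hostname is reported as missing rather than silently accepted.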