1.2. Installing and Configuring the KDC

To use Kerberos with HDP you can either use an existing KDC or install a new one just for HDP's use. The following gives a very high level description of the installation process. To get more information see RHEL documentation or CentOS documentation or SLES documentation.

To install a new version of the server:

[On RHEL or CentOS]
yum install krb5-server krb5-libs krb5-auth-dialog krb5-workstation 

OR

[On SLES]
zypper install krb5 krb5-server krb5-client
[Note]Note

The host on which you install the KDC must itself be secure.

When the server is installed you must edit the two main configuration files, located by default here:

[On RHEL or CentOS]

  • /etc/krb5.conf

  • /var/kerberos/krb5kdc/kdc.conf.

OR

[On SLES]

  • /etc/krb5.conf

  • /var/lib/kerberos/krb5kdc/kdc.conf

Use these files to specify the realm by changing EXAMPLE.COM and example.com to case-matched version of the domain name for the realm and changing the KDC value from kerberos.example.com to the fully qualified name of the Kerberos server host.

The updated version of /etc/krb5.conf should be copied to every node in your cluster.


loading table of contents...