1.2. Installing and Configuring the KDC

To use Kerberos with HDP you can either use an existing KDC or install a new one just for HDP's use. The following gives a very high level description of the installation process. To get more information see RHEL documentation or CentOS documentation or SLES documentation.

To install a new version of the server:

  • For RHEL or CentOS

    yum install krb5-server krb5-libs krb5-auth-dialog  krb5-workstation 
  • For SLES

    zypper install krb5 krb5-server krb5-client

The host on which you install the KDC must itself be secure.

When the server is installed you must edit the two main configuration files, located by default here:

For RHEL or CentOS

  • /etc/krb5.conf

  • /var/kerberos/krb5kdc/kdc.conf.


  • /etc/krb5.conf

  • /var/lib/kerberos/krb5kdc/kdc.conf

Use these files to specify the realm by changing EXAMPLE.COM and example.com to case-matched version of the domain name for the realm and changing the KDC value from kerberos.example.com to the fully qualified name of the Kerberos server host.

The updated version of /etc/krb5.conf should be copied to every node in your cluster.

loading table of contents...