To use Kerberos with HDP you can either use an existing KDC or install a new one just for HDP's use. The following gives a very high level description of the installation process. To get more information see RHEL documentation or CentOS documentation or SLES documentation.
To install a new version of the server:
For RHEL or CentOS
yum install krb5-server krb5-libs krb5-auth-dialog krb5-workstation
For SLES
zypper install krb5 krb5-server krb5-client
Note | |
---|---|
The host on which you install the KDC must itself be secure. |
When the server is installed you must edit the two main configuration files, located by default here:
For RHEL or CentOS
/etc/krb5.conf
/var/kerberos/krb5kdc/kdc.conf
.
For SLES
/etc/krb5.conf
/var/lib/kerberos/krb5kdc/kdc.conf
Use these files to specify the realm by changing EXAMPLE.COM and example.com to
case-matched version of the domain name for the realm and changing the KDC value
from kerberos.example.com
to the fully qualified name of the
Kerberos server host.
The updated version of /etc/krb5.conf
should be copied to
every node in your cluster.