Non-Ambari Cluster Installation Guide

Creating the Database and Setting Up the First Administrator

  1. Use the utility kdb5_util to create the Kerberos database:

    • On RHEL, CentOS, or Oracle Linux:

      /usr/sbin/kdb5_util create -s
    • On SLES:

      kdb5_util create -s
  2. Set up the KDC Access Control List (ACL):

    • On RHEL, CentOS, or Oracle Linux, add administrators to /var/kerberos/krb5kdc/kadm5.acl.

    • On SLES, add administrators to /var/lib/kerberos/krb5kdc/kadm5.acl.


      For example, the following line grants full access to the database for users with the admin extension:

      */admin@EXAMPLE.COM *

  3. Start kadmin for the change to take effect.

  4. Create the first user principal. This must be done at a terminal window on the KDC machine itself, while you are logged in as root. Note the .local suffix on the command: normal kadmin usage requires that a principal with appropriate access already exist, whereas the kadmin.local command can be used even if no principals exist:

    /usr/sbin/kadmin.local -q "addprinc $username/admin"

    Now this user can create additional principals either on the KDC machine or through the network. The following instruction assumes that you are using the KDC machine.

  5. On the KDC, start Kerberos:

    • On RHEL, CentOS, or Oracle Linux:

      /sbin/service krb5kdc start
      /sbin/service kadmin start
    • On SLES:

      rckrb5kdc start
      rckadmind start
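
One way to review the ACL from step 2, as an added example that is not part of the original guide: the script lists every kadm5.acl entry whose permission field is `*` or `x` (both shorthands for all privileges) and reports whether the principal pattern is a wildcard. The function names and the sample ACL are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kadm5.acl file for entries that grant full access.
# Line format (MIT Kerberos):
#   principal  permissions  [target_principal  [restrictions]]

# Print one line per full-access entry: "<line-no> <principal> <scope>".
# scope is "wildcard" when the principal pattern contains * or ?,
# otherwise "exact".
acl_full_access() {
    awk '
        /^[ \t]*#/ { next }                 # skip comment lines
        $2 == "*" || $2 == "x" {            # all-privileges shorthands
            scope = ($1 ~ /[*?]/) ? "wildcard" : "exact"
            print NR, $1, scope
        }
    ' "$1"
}

# Constructed sample ACL (not taken from a real KDC). The second line is
# the example entry from step 2 of the guide.
sample_acl() {
    cat <<'EOF'
# constructed sample
*/admin@EXAMPLE.COM *
alice@EXAMPLE.COM il
ops/admin@EXAMPLE.COM x
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp)
sample_acl > "$tmp"
acl_full_access "$tmp"
rm -f "$tmp"
```

On a KDC, call acl_full_access with the kadm5.acl path for your platform given in step 2. kadmind applies the first matching line, so a wildcard entry near the top of the file takes precedence over more specific lines below it.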