Hadoop Security Guide
Also available as:
PDF
loading table of contents...

Installing and Configuring the KDC

To use Kerberos with HDP, either use an existing KDC or install a new one for HDP only. The following gives a very high level description of the installation process. For more information, see RHEL documentation , CentOS documentation, SLES documentation. or Ubuntu and Debian documentation.

  1. Install the KDC server:

    • On RHEL, CentOS, or Oracle Linux, run:

      yum install krb5-server krb5-libs krb5-auth-dialog krb5-workstation
    • On SLES, run:

      zypper install krb5 krb5-server krb5-client
    • On Ubuntu or Debian, run:

      apt-get install krb5 krb5-server krb5-client
    [Note]Note

    The host on which you install the KDC must itself be secure.

  2. When the server is installed you must edit the two main configuration files.

    Update the KDC configuration by replacing EXAMPLE.COM with your domain and kerberos.example.com with the FQDN of the KDC host. Configuration files are in the following locations:

    • On RHEL, CentOS, or Oracle Linux:

      /etc/krb5.conf
      /var/kerberos/krb5kdc/kdc.conf
    • On SLES:

      /etc/krb5.conf
      /var/lib/kerberos/krb5kdc/kdc.conf
    • On Ubuntu or Debian:

      /etc/krb5.conf
      /var/kerberos/krb5kdc/kdc.conf
  3. Copy the updated krb5.conf to every cluster node.