Install and Configure the KDC (Non-Ambari)

To use Kerberos with HDP, either use an existing KDC or install a new one for HDP only. This section gives a very high level description of the installation process when setting up Kerberos for non-Ambari clusters.

Install the KDC server:

OS Flavor	Command
RHEL, CentOS, or Oracle Linux	`yum install krb5-server krb5-libs krb5-auth-dialog krb5-workstation`
SLES	`zypper install krb5 krb5-server krb5-client`
Ubuntu or Debian	`apt-get install krb5 krb5-server krb5-client`

	Note
	The host on which you install the KDC must itself be secure.

When the server is installed you must edit the two main configuration files. Update the KDC configuration by replacing EXAMPLE.COM with your domain and kerberos.example.com with the FQDN of the KDC host. Configuration files are in the following locations:

OS Flavor Configuration File Location

RHEL, CentOS, or Oracle Linux

OS Flavor	Configuration File Location
RHEL, CentOS, or Oracle Linux	`/etc/krb5.conf` `/var/kerberos/krb5kdc/kdc.conf`
SLES	`/etc/krb5.conf` `/var/lib/kerberos/krb5kdc/kdc.conf`
Ubuntu or Debian	`/etc/krb5.conf` `/var/kerberos/krb5kdc/kdc.conf`

/etc/krb5.conf

/var/kerberos/krb5kdc/kdc.conf

SLES

/etc/krb5.conf

/var/lib/kerberos/krb5kdc/kdc.conf

Ubuntu or Debian

/etc/krb5.conf

/var/kerberos/krb5kdc/kdc.conf

Copy the updated krb5.conf to every cluster node.