Security Reference
Also available as:
PDF
loading table of contents...

Install and Configure the KDC (Non-Ambari)

To use Kerberos with HDP, either use an existing KDC or install a new one for HDP only. This section gives a very high level description of the installation process when setting up Kerberos for non-Ambari clusters.

  1. Install the KDC server:
    OS FlavorCommand
    RHEL, CentOS, or Oracle Linux yum install krb5-server krb5-libs krb5-auth-dialog krb5-workstation
    SLES zypper install krb5 krb5-server krb5-client
    Ubuntu or Debian apt-get install krb5 krb5-server krb5-client
    Note
    Note

    The host on which you install the KDC must itself be secure.

  2. When the server is installed you must edit the two main configuration files. Update the KDC configuration by replacing EXAMPLE.COM with your domain and kerberos.example.com with the FQDN of the KDC host. Configuration files are in the following locations:
    OS FlavorConfiguration File Location
    RHEL, CentOS, or Oracle Linux

    /etc/krb5.conf

    /var/kerberos/krb5kdc/kdc.conf

    SLES

    /etc/krb5.conf

    /var/lib/kerberos/krb5kdc/kdc.conf

    Ubuntu or Debian

    /etc/krb5.conf

    /var/kerberos/krb5kdc/kdc.conf

  3. Copy the updated krb5.conf to every cluster node.