Prepare Kerberos authentication-enabled clusters for replication

Before you create replication policies between clusters that use Kerberos authentication, you must prepare the source and destination clusters.

On the hosts in the destination cluster, ensure that the krb5.conf file (typically located at /etc/kbr5.conf) on each host has the following information:
1. The KDC information for the source cluster's Kerberos realm. For example:
```
[realms]
 SRC.EXAMPLE.COM = {
  kdc = kdc01.src.example.com:88
  admin_server = kdc01.example.com:749
  default_domain = src.example.com
 }
 DST.EXAMPLE.COM = {
  kdc = kdc01.dst.example.com:88
  admin_server = kdc01.dst.example.com:749
  default_domain = dst.example.com
 }
```
2. Realm mapping for the source cluster domain. You configure these mappings in the [domain_realm] section.
  For example:
```
[domain_realm]
 .dst.example.com = DST.EXAMPLE.COM
 dst.example.com = DST.EXAMPLE.COM
 .src.example.com = SRC.EXAMPLE.COM
 src.example.com = SRC.EXAMPLE.COM
```
  caution
  If you have a scenario where the hostname(s) are inconsistent, you must go to Cloudera Manager > Host > All Hosts and ensure that all those hosts are covered in a similar manner as seen in domain_realm section.
On the destination cluster, perform the following steps to add the realm of the source cluster to the Trusted Kerberos Realms configuration property:
1. Go to the Cloudera Manager > Clusters > CORE_SETTINGS page.
2. Search for the Trusted Kerberos Realms property, and enter the source cluster realm.
3. Click Save Changes.
Go to the Administration > Settings page.
Search for the Domain Name(s) field, and enter any domain or host names you want to map to the destination cluster KDC. Add as many entries as you need. The entries in this property are used to generate the domain_realm section in krb5.conf file.
If domain_realm is configured in the Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf property, remove the entries for it.
Click Save Changes.