Configure Kerberos

All Cloudera Operational Databases (CODs) are secured with Kerberos-based authentication, meaning that only authorized users can connect to your database. All HBase and Phoenix Thick JDBC clients must have a proper Kerberos configuration on the host where they run a client.

  1. Run the following command to obtain the necessary Kerberos information and a sufficient krb5.conf file encoded with Base64 :
    $ cdp opdb describe-client-connectivity --environment-name <your_environment> \
    		--database-name<your_database> | jq -r \
    		‘.kerberosConfiguration.krb5Conf’ | base64 --decode
    
  2. Copy the output of the command.
  3. Add the the contents into the /etc/krb5.conf file on your edge node.
Validate that Kerberos is correctly set up. Use the kinit command to validate that you are able to obtain a Kerberos ticket:
$ kinit <cdp_workload_name>
Password: <cdp_workload_password>

If you successfully authenticate, you do not receive an error and can validate that you have a ticket using the klist command.