Configure Kerberos

All Cloudera Operational Databases (CODs) are secured with Kerberos-based authentication, meaning that only authorized users can connect to your database. Every HBase and Phoenix Thick JDBC client needs a proper Kerberos configuration on the host where the client runs.

  1. Run the following command to obtain the necessary Kerberos information. It extracts the Base64-encoded krb5.conf file from the response and decodes it:
    $ cdp opdb get-client-connectivity --environment-name [***YOUR ENVIRONMENT***] \
        --database-name [***YOUR DATABASE NAME***] | jq -r \
        '.kerberosConfiguration.krb5Conf' | base64 --decode
    
  2. Copy the output of the command.
  3. Add the contents to the /etc/krb5.conf file on your edge node.
Validate that Kerberos is correctly set up. Use the kinit command to validate that you are able to obtain a Kerberos ticket:
$ kinit [***CDP WORKLOAD NAME***]
Password: [***CDP WORKLOAD PASSWORD***]

If you successfully authenticate, you will not receive an error and will be able to validate that you have a ticket using the klist command.
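
Steps 1 to 3 can be scripted so that a bad response never overwrites a working configuration. The following is an added example, not Cloudera's own tooling: `install_krb5_conf` is a hypothetical helper that takes the Base64 value of `.kerberosConfiguration.krb5Conf`, checks that it decodes to something shaped like a krb5.conf, keeps a backup, and replaces the target atomically.

```shell
#!/bin/sh
# Added example: validate and install a Base64-encoded krb5.conf.
# install_krb5_conf and its arguments are hypothetical names, not part of the cdp CLI.
#
# Usage on the edge node (as root), with the page's placeholders:
#   install_krb5_conf "$(cdp opdb get-client-connectivity \
#       --environment-name [***YOUR ENVIRONMENT***] \
#       --database-name [***YOUR DATABASE NAME***] \
#       | jq -r '.kerberosConfiguration.krb5Conf')" /etc/krb5.conf

install_krb5_conf() {
  local encoded="$1" target="$2" tmp
  # Stage the new file next to the target so the final mv is an atomic rename.
  tmp="$(mktemp "${target}.XXXXXX")" || return 1

  # Reject an empty value or one that is not valid Base64.
  if [ -z "$encoded" ] || ! printf '%s' "$encoded" | base64 -d > "$tmp" 2>/dev/null; then
    echo "krb5Conf is empty or not valid Base64" >&2
    rm -f "$tmp"; return 2
  fi

  # Shape check: a usable client config has [libdefaults] and [realms] sections.
  # This also catches jq -r printing "null" for a missing field, because the
  # string "null" is itself valid Base64 and decodes without an error.
  if ! grep -q '^\[libdefaults\]' "$tmp" || ! grep -q '^\[realms\]' "$tmp"; then
    echo "decoded data does not look like a krb5.conf" >&2
    rm -f "$tmp"; return 3
  fi

  # Keep the previous configuration so the change can be rolled back.
  if [ -f "$target" ]; then
    cp -p "$target" "${target}.bak" || { rm -f "$tmp"; return 1; }
  fi

  # krb5.conf holds no secrets; it must be readable by every client process.
  chmod 0644 "$tmp" && mv -f "$tmp" "$target"
}
```

After a successful install, run kinit and klist as described above to confirm that a ticket can be obtained with the new configuration.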