Set up Active Directory for Kerberos

When a cluster is kerberized using the Active Directory approach, Kerberos requests information about the administrator account and all user accounts from the KDC. Once this information is obtained, Kerberos automatically creates principals for every user and service. You can configure your cluster in any way, and every user and service will have a corresponding principal.

In addition to Active Directory, this scheme uses ADPS to manage user permissions. The Active Directory principals database should be synchronized with the ADPS principals database. This synchronization is performed automatically before the cluster is kerberized. Every subsequent change to the Active Directory principals database is also synchronized with the ADPS database automatically.

In this case, when working with an ADH cluster, all principals receive their TGT from the Active Directory KDC.

