Configure Kerberos authentication based on MIT Kerberos via ADCM

Overview

To kerberize a cluster using MIT KDC, follow the steps below:

  1. In ADCM web UI, go to the Clusters page. Select an installed and prepared ADPS cluster, and run the Manage Kerberos action.

    Running Manage Kerberos
    Manage Kerberos
  2. In the pop-up window, turn on the Existing MIT KDC option.

    Kerberos activation options
    Choose the relevant option
  3. Fill in the prepared MIT Kerberos parameters.

    MIT Kerberos parameters
    MIT KDC fields
  4. Click Run, wait for the job to complete and proceed to setting up Kerberos in the cluster.

    Activating MIT Kerberos
    Run the action

MIT Kerberos parameters

Parameter Description

Authentication on WEB UIs

Enables Kerberos authentication on Web UIs

KDC hosts

One or more MIT KDC hosts

Realm

A Kerberos realm — a network containing KDC hosts and clients

Domains

Domains associated with hosts

Kadmin server

A host where kadmin is running

Kadmin principal

A principal name used to connect via kadmin, for example admin@RU-CENTRAL1.INTERNAL

Kadmin password

A principal password used to connect via kadmin

Keytabs directory

Directory of the keytab file that contains one or several principals along with their keys

Additional realms

Additional Kerberos realms

Trusted Active Directory server

An Active Directory server for one-way cross-realm trust from the MIT Kerberos KDC

Trusted Active Directory realm

An Active Directory realm for one-way cross-realm trust from the MIT Kerberos KDC

Found a mistake? Seleсt text and press Ctrl+Enter to report it