To authenticate against a Kerberos-enabled cluster, the Kerberos configuration needs to be verified first. The configuration can be found in krb5.conf
file, which includes the locations of KDCs and admin servers of Kerberos's realms of interest, defaults for the current realm and Kerberos applications, and mappings of the host names onto Kerberos's realms.
Check the config file for the correct location of KDC, realm, and so on. You can find this file in the /etc
directory. Alternatively, you can override the default location by setting the KRB5_CONFIG
environment variable.
To connect to a Kerberos cluster, you need to use the keytab
file (pairs of principals and encrypted keys—derived from passwords).
To create a keytab
file using MIT Kerberos, we will use ktutil
here. Remember that encryption types (case-sensitive) should be supported and they should be in krb5.conf
. This is based on the assumption that [email protected]
is...