Database Reference
In-Depth Information
.hcluster = MYREALM.COM
hcluster = MYREALM.COM
For our configuration, we are using
MYREALM.COM
as our realm. In this config-
uration,
node1.hcluster
is the KDC.
4. Next, update the
kdc.conf
files in the
/var/kerberos/krb5kdc/
folder
from the
root
user as shown in the following code:
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
MYREALM.COM = {
master_key_type = aes256-cts
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
supported_enctypes = aes256-cts:normal
aes128-cts:normal des3-hmac-sha1:normal
arcfour-hmac:normal des-hmac-sha1:normal
des-cbc-md5:normal des-cbc-crc:normal
}
5. Next, we need to get the Java Cryptography Extension policy files from Oracle.
These files are needed for our configuration as we are using the
AES256-CTS
type of cryptography for authentication. These policy files are not part of the
Java Runtime Environment
(
JRE
) by default and need to be explicitly down-
loaded. The policy files can be downloaded from
http://www.oracle.com/technet-
6. After downloading the
UnlimitedJCEPolicyJDK7.zip
file, unzip the file
to get the following two files:
◦
local_policy.jar
◦
Us_export_policy.jar
7. On installing Cloudera Manager, Java was installed in
/usr/java/
jdk1.7.0_45-cloudera/
. Place the extracted files as the
root
user under
the
/usr/java/jdk1.7.0_45-cloudera/jre/lib/security/
dir-
ectory on all the machines that are part of the cluster. The JDK folder may be dif-
ferent for your installation, so please verify the path before placing the files. You