Hadoop Distributed File System Sources > Before you begin > Configure Kerberos authentication
  

Configure Kerberos authentication

If you use Kerberos authentication, configure configuration files in Secure Agent to work with the Kerberos Key Distribution Center (KDC).
Ensure that you know the location of the following configuration files on your machine:
    1Open the hosts file located in the following directory on the Secure Agent machine: /etc/hosts
    2Add the KDC server IP address to the hosts file in the following format: <KDC Server IP address> <Fully Qualified Name of the KDC server> <Alias Name>
    3Save and close the hosts file.
    4Copy the krb5.conf file to the following directory: <Secure Agent installation directory>/jdk8/jre/lib/security
    5Navigate to the directory on the Hadoop cluster node where you store the following files:
    6Copy KEYTAB and XML files from the Hadoop cluster node to a local Secure Agent directory, for example : /data/Kerberos
    You can modify the Kerberos configuration file.
    The following code shows a sample Kerberos configuration file:
    [libdefaults]
    default_realm = *****
    dns_lookup_kdc = false
    dns_lookup_realm = false
    ticket_lifetime = 86400
    renew_lifetime = 604800
    forwardable = true
    default_tgs_enctypes = rc4-hmac
    default_tkt_enctypes = rc4-hmac
    permitted_enctypes = rc4-hmac
    udp_preference_limit = 1
    kdc_timeout = 3000
    allow_weak_crypto=true
    [realms]
    <domain name> = {
    kdc = *****
    admin_server = *****
    }
    [domain_realm]
    Note:
    If the Kerberos encryption algorithms are not compatible with Java Standard Edition version 11, you can add the
    allow_weak_crypto=true
    property in the Kerberos configuration file.
    7Restart the Secure Agent machine.