Kerberos settings

I have a question about setting Kerberos. I’ve seen a commit, where --with-gssapi flag was added. Since there is still no documentation about Kerberos(due to this issue being open), I have a question, which nodes should be set and added as principals for Kerberos? All nodes or only masters? As far as I understood, I can connect and execute queries on any node of the cluster, so each node should be added as a principal?

Thank you in advance!

It should be all nodes or all yb-tservers (since client connects only to yb-tservers).

1 Like

The principal should be yugabyte/hostname or postgres/hostname? And In which config file should I pass the path to keytab?

Can you check the config in this doc that was used to test it when the feature was developed Kerberos/GSSAPI Setup on dev-server - Public - Google Docs ?