Kerberos settings

olivan139 · May 22, 2024, 10:40am

I have a question about setting Kerberos. I’ve seen a commit, where --with-gssapi flag was added. Since there is still no documentation about Kerberos(due to this issue being open), I have a question, which nodes should be set and added as principals for Kerberos? All nodes or only masters? As far as I understood, I can connect and execute queries on any node of the cluster, so each node should be added as a principal?

Thank you in advance!

dorian_yugabyte · May 22, 2024, 1:07pm

It should be all nodes or all yb-tservers (since client connects only to yb-tservers).

olivan139 · May 22, 2024, 1:11pm

The principal should be yugabyte/hostname or postgres/hostname? And In which config file should I pass the path to keytab?

dorian_yugabyte · May 22, 2024, 2:02pm

Can you check the config in this doc that was used to test it when the feature was developed Kerberos/GSSAPI Setup on dev-server - Public - Google Docs ?

Topic		Replies	Views
Deploy questions General	6	653	July 19, 2021
I am not able to perform operations using ./bin/admin after enabling encryption at transit General	4	568	August 12, 2021
When leader is shut down, a new leader is not elected General	5	765	September 20, 2021
How can we setup 3 node master master cluster in one data center? General	4	865	August 12, 2021
Failed to determine new Master General	2	113	May 8, 2024

Kerberos settings

Related Topics