The preferred configuration for integrating with Active
Directory is to use a standalone KDC and create a cross realm trust. I have
done several of these deployments on physical hardware. Recently I built a test
system on our Open Stack lab cluster using a small instance for the KDC. I
followed the instruction in the HDP Security guide for configuring a KDC. When
I created the database I noticed that the krb5util create –s command was
stalling out. I tried several fixes and it took way too long.
I did some searching on Kerberos and learned how the
Kerberos utilities create the random data needed for encryption. The designers
of Kerberos wanted a truly random data generator. They decided to base their
random data generator on OS activities. There is a kernel parameter
/proc/sys/kernel/random/entropy_avail. You can cat this value to see how much
entropy your system has available. Since a VM is mostly idle you will get a
RedHat provides a package called rng-tools that you can
install with yum.
Then start rngd.
sudo chkconfig rngd on
sudo service rngd start
You can cat the value of /proc/sys/kernel/random/entropy_avail
to see if you have increased the entropy in your VM.
You should have a much higher value and you will see that
krb5util create –s complete in a few seconds.