The preferred configuration for integrating with Active Directory is to use a standalone KDC and create a cross realm trust. I have done several of these deployments on physical hardware. Recently I built a test system on our Open Stack lab cluster using a small instance for the KDC. I followed the instruction in the HDP Security guide for configuring a KDC. When I created the database I noticed that the krb5util create –s command was stalling out. I tried several fixes and it took way too long. I did some searching on Kerberos and learned how the Kerberos utilities create the random data needed for encryption. The designers of Kerberos wanted a truly random data generator. They decided to base their random data generator on OS activities. There is a kernel parameter /proc/sys/kernel/random/entropy_avail. You can cat this value to see how much entropy your system has available. Since a VM is mostly idle you will get a small value. RedHat provides a package called rng-tools that you can install with yum. sudo yum install rng-tools Then start rngd. sudo chkconfig rngd on sudo service rngd start You can cat the value of /proc/sys/kernel/random/entropy_avail to see if you have increased the entropy in your VM. You should have a much higher value and you will see that krb5util create –s complete in a few seconds. Reference documentation from RedHat. https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Encryption-Using_the_Random_Number_Generator.html ... View more