Step 3. Create Kerberos Principal Accounts in Active Directory
Step 3. Create Kerberos Principal Accounts in Active Directory
Create LDAP user accounts for the Kerberos principals in Active Directory. A Kerberos principal is a process, service, or user within the Kerberos realm.
If you set the default_tkt_enctypes property in the krb5.conf configuration file to the 128-bit or 256-bit AES encryption types, configure each account to use the corresponding encryption type in Active Directory.
The following image shows the AES 128-bit encryption option selected in the account properties dialog box for the nodeuser01 user account in Active Directory:
The accounts that you create depend on whether you enable Kerberos at the node level or at the process level.