Enabling Kerberos for the Transform Service

If your cluster uses Kerberos, you must manually enable it for the Transform Service after installation.

The Transform Service requires the Kerberos utility k5start to automatically refresh its ticket at regular intervals; otherwise, it won't be able to communicate with other Kerberized services in your cluster. k5start is installed automatically on Dgraph nodes, but must be manually copied to all Transform Service nodes after installing.

To enable Kerberos for the Transform Service:

  1. Copy k5start from $BDD_HOME/dgraph/bin/ on one of your Dgraph nodes to $BDD_HOME/transformservice/ on all of your Transform Service nodes.
  2. On each Transform Service node, start k5start by running the following command from $BDD_HOME/transformservice/:
    ./k5start -f $KERBEROS_KEYTAB_PATH -K <ticket_refresh> \
    -l <ticket_lifetime> $KERBEROS_PRINCIPAL -b > <logfile> 2>&1
    Where:
    • $KERBEROS_KEYTAB_PATH and $KERBEROS_PRINCIPAL are the values of those properties defined in bdd.conf.
    • <ticket_refresh> is the rate at which the Transform Service's Kerberos ticket is refreshed, in minutes. For example, a value of 60 would set its ticket to be refreshed every 60 minutes, or every hour. You can optionally use the value for KERBEROS_TICKET_REFRESH_INTERVAL in bdd.conf.
    • <ticket_lifetime> is the amount of time the Transform Service's Kerberos ticket is valid for. This should be given as a number followed by a supported unit of time: s, m, h, or d. For example, 10h (10 hours) or 10m (10 minutes). You can optionally use the value for KERBEROS_TICKET_LIFETIME in bdd.conf.
    • <logfile> is the absolute path to the log file you want k5start to write to.
  3. Optionally, configure k5start to run as a service on all Transform Service nodes.
    This will enable it to start automatically after a node reboot. Otherwise, you'll have to rerun the above command each time a Transform Service node is rebooted.
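
A pre-flight check for the values passed to k5start in step 2, as an added example that is not part of the original documentation. The function names are hypothetical. It assumes the keytab should be readable only by the account that runs the Transform Service, and that the refresh interval must be shorter than the ticket lifetime so the ticket never expires between refreshes.

```shell
#!/bin/sh
# Added example: validate <ticket_refresh>, <ticket_lifetime> and the keytab
# before starting k5start. Function names are hypothetical.

# Convert a <ticket_lifetime> value (number followed by s, m, h or d) to whole minutes.
lifetime_to_minutes() {
    num=${1%[smhd]}      # strip one trailing unit character
    unit=${1#"$num"}     # the stripped unit ("" if none was given)
    case "$num" in ''|0*|*[!0-9]*) return 1 ;; esac   # digits only, no leading zero
    case "$unit" in
        s) echo $(( num / 60 )) ;;
        m) echo "$num" ;;
        h) echo $(( num * 60 )) ;;
        d) echo $(( num * 1440 )) ;;
        *) return 1 ;;
    esac
}

# $1 = <ticket_refresh> in minutes, $2 = <ticket_lifetime> such as 10h.
# Fails unless the refresh interval is shorter than the lifetime.
check_intervals() {
    case "$1" in ''|0*|*[!0-9]*) echo "bad refresh interval: $1" >&2; return 1 ;; esac
    life=$(lifetime_to_minutes "$2") || { echo "bad lifetime: $2" >&2; return 1; }
    [ "$1" -lt "$life" ] ||
        { echo "refresh ($1 min) is not shorter than lifetime ($life min)" >&2; return 1; }
}

# $1 = keytab path. Fails if the file is missing or if any group/other
# permission bit is set (the keytab holds the principal's long-term key).
check_keytab() {
    [ -f "$1" ] && [ -r "$1" ] || { echo "keytab missing or unreadable: $1" >&2; return 1; }
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ] ||
        { echo "keytab is accessible to group/other: $1" >&2; return 1; }
}

# Demo using the example values from the list above (60-minute refresh, 10h lifetime).
check_intervals 60 10h && echo "refresh 60 min / lifetime 10h: OK"
```

Run check_keytab against the path in KERBEROS_KEYTAB_PATH on each Transform Service node before starting k5start.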