Kerberos Authentication and the Recovery Appliance

The Recovery Appliance OS user can be vetted with Kerberos authentication.

  1. Follow your data center processes for configuring a Recovery Appliance node to authenticate an OS user with Kerberos.

    The Kerberos user must belong to the following groups:

    • raadmin
    • dbmusers
    • oinstall
  2. Confirm your Kerberos-authenticated user is accessible on all of the Recovery Appliance compute server nodes in the cluster.

    getent passwd <USER_NAME>

    This confirms that the name services client configuration is correct and that the user is present on each node.

  3. From the Recovery Appliance, issue the command to add that Kerberos user as an admin_user.

    racli add admin_user --user_name=USER_NAME [--user_uid=USER_ID --user_gid=GROUP_ID]

    --user_name

    System user name to add to RACLI admin group.

    --user_uid

    Set the user identifier for the newly created admin user. Value must be >= 1003.

    During the installation of RA 19.x or later, you can define the raadmin uid with ra_preinstall.pl.

    --user_gid

    Set the initial login group identifier for the newly created admin user. A group number must refer to an already existing group. Value must be >= 1003.

    During the installation of RA 21.1 or later, you can define the gid with ra_preinstall.pl.
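
A pre-flight check for steps 1 to 3, added here as an example and not part of Oracle's documentation or tooling: it validates one `getent passwd` record and the matching `id -Gn` group list against the group and ID requirements above. The function names, the script name, and the assumption that the directory UID and GID are the values you pass as --user_uid and --user_gid are this example's own.

```shell
#!/bin/sh
# Added example (not Oracle code): check the prerequisites from steps 1-3 on one node.
REQUIRED_GROUPS="raadmin dbmusers oinstall"  # groups listed in step 1
MIN_ID=1003                                  # lower bound stated for --user_uid / --user_gid

# Print the required groups that are absent from a space-separated group list.
missing_groups() {
    have=" $1 "
    missing=""
    for g in $REQUIRED_GROUPS; do
        case "$have" in
            *" $g "*) ;;                     # whole-word match only
            *) missing="${missing:+$missing }$g" ;;
        esac
    done
    printf '%s\n' "$missing"
}

# Succeed only for a decimal integer >= MIN_ID.
valid_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge "$MIN_ID" ]
}

# check_user PASSWD_LINE GROUP_LIST
# Validate one `getent passwd` record and the matching `id -Gn` output.
# Prints a verdict and returns 0 only when every requirement is met.
check_user() {
    [ -n "$1" ] || { echo "FAIL: user not resolvable via name services"; return 1; }
    name=$(printf '%s' "$1" | cut -d: -f1)
    uid=$(printf '%s' "$1" | cut -d: -f3)
    gid=$(printf '%s' "$1" | cut -d: -f4)
    miss=$(missing_groups "$2")
    [ -z "$miss" ] || { echo "FAIL: $name missing groups: $miss"; return 1; }
    valid_id "$uid" && valid_id "$gid" || { echo "FAIL: $name uid=$uid gid=$gid below $MIN_ID"; return 1; }
    echo "OK: racli add admin_user --user_name=$name --user_uid=$uid --user_gid=$gid"
}

# Live use on a node (hypothetical script name): ./preflight.sh USER_NAME
if [ -n "${1:-}" ]; then
    check_user "$(getent passwd "$1")" "$(id -Gn "$1" 2>/dev/null)"
fi
```

Run it on each compute server node in the cluster; a user that passes on one node but fails to resolve on another points at that node's name services client configuration.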