public string CrossRealmTrustSharedPasswordUri { get; set; }
Optional. The Cloud Storage URI of a KMS encrypted file containing the
shared password between the on-cluster Kerberos realm and the remote
trusted realm, in a cross realm trust relationship.
Optional. The Cloud Storage URI of a KMS encrypted file containing the
password to the user provided key. For the self-signed certificate, this
password is generated by Dataproc.
Optional. The Cloud Storage URI of a KMS encrypted file containing the
password to the user provided keystore. For the self-signed certificate,
this password is generated by Dataproc.
Optional. The Cloud Storage URI of a KMS encrypted file containing the
password to the user provided truststore. For the self-signed certificate,
this password is generated by Dataproc.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eKerberosConfig\u003c/code\u003e class in the Google Cloud Dataproc v1 API is used to specify configurations related to Kerberos for a Dataproc cluster.\u003c/p\u003e\n"],["\u003cp\u003eThis API supports various versions, with version 5.17.0 being the latest, and previous versions going as far back as 3.1.0.\u003c/p\u003e\n"],["\u003cp\u003eKerberos can be enabled on a Dataproc cluster by setting the \u003ccode\u003eEnableKerberos\u003c/code\u003e property to true.\u003c/p\u003e\n"],["\u003cp\u003eThe API allows for cross-realm trust relationships, requiring details like admin server, KDC, realm, and a shared password URI.\u003c/p\u003e\n"],["\u003cp\u003eSensitive files, such as passwords and keys, can be encrypted using KMS, and their URIs are configurable through properties like \u003ccode\u003eKdcDbKeyUri\u003c/code\u003e, \u003ccode\u003eKeyPasswordUri\u003c/code\u003e, and \u003ccode\u003eKmsKeyUri\u003c/code\u003e.\u003c/p\u003e\n"]]],[],null,["# Google Cloud Dataproc v1 API - Class KerberosConfig (5.20.0)\n\nVersion latestkeyboard_arrow_down\n\n- [5.20.0 (latest)](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/latest/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.19.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.19.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.18.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.18.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.17.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.17.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.16.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.16.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.15.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.15.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.14.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.14.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.13.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.13.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.12.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.12.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.11.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.11.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.10.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.10.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.9.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.9.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.8.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.8.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.7.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.7.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.6.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.6.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.5.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.5.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.4.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.4.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.3.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.3.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.2.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.2.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.1.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.1.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [5.0.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/5.0.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [4.0.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/4.0.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [3.4.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/3.4.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [3.3.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/3.3.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [3.2.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/3.2.0/Google.Cloud.Dataproc.V1.KerberosConfig)\n- [3.1.0](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/3.1.0/Google.Cloud.Dataproc.V1.KerberosConfig) \n\n public sealed class KerberosConfig : IMessage\u003cKerberosConfig\u003e, IEquatable\u003cKerberosConfig\u003e, IDeepCloneable\u003cKerberosConfig\u003e, IBufferMessage, IMessage\n\nReference documentation and code samples for the Google Cloud Dataproc v1 API class KerberosConfig.\n\nSpecifies Kerberos related configuration. \n\nInheritance\n-----------\n\n[object](https://learn.microsoft.com/dotnet/api/system.object) \\\u003e KerberosConfig \n\nImplements\n----------\n\n[IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage-1.html)[KerberosConfig](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/latest/Google.Cloud.Dataproc.V1.KerberosConfig), [IEquatable](https://learn.microsoft.com/dotnet/api/system.iequatable-1)[KerberosConfig](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/latest/Google.Cloud.Dataproc.V1.KerberosConfig), [IDeepCloneable](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IDeepCloneable-1.html)[KerberosConfig](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/latest/Google.Cloud.Dataproc.V1.KerberosConfig), [IBufferMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IBufferMessage.html), [IMessage](https://cloud.google.com/dotnet/docs/reference/Google.Protobuf/latest/Google.Protobuf.IMessage.html) \n\nInherited Members\n-----------------\n\n[object.GetHashCode()](https://learn.microsoft.com/dotnet/api/system.object.gethashcode) \n[object.GetType()](https://learn.microsoft.com/dotnet/api/system.object.gettype) \n[object.ToString()](https://learn.microsoft.com/dotnet/api/system.object.tostring)\n\nNamespace\n---------\n\n[Google.Cloud.Dataproc.V1](/dotnet/docs/reference/Google.Cloud.Dataproc.V1/latest/Google.Cloud.Dataproc.V1)\n\nAssembly\n--------\n\nGoogle.Cloud.Dataproc.V1.dll\n\nConstructors\n------------\n\n### KerberosConfig()\n\n public KerberosConfig()\n\n### KerberosConfig(KerberosConfig)\n\n public KerberosConfig(KerberosConfig other)\n\nProperties\n----------\n\n### CrossRealmTrustAdminServer\n\n public string CrossRealmTrustAdminServer { get; set; }\n\nOptional. The admin server (IP or hostname) for the remote trusted realm in\na cross realm trust relationship.\n\n### CrossRealmTrustKdc\n\n public string CrossRealmTrustKdc { get; set; }\n\nOptional. The KDC (IP or hostname) for the remote trusted realm in a cross\nrealm trust relationship.\n\n### CrossRealmTrustRealm\n\n public string CrossRealmTrustRealm { get; set; }\n\nOptional. The remote realm the Dataproc on-cluster KDC will trust, should\nthe user enable cross realm trust.\n\n### CrossRealmTrustSharedPasswordUri\n\n public string CrossRealmTrustSharedPasswordUri { get; set; }\n\nOptional. The Cloud Storage URI of a KMS encrypted file containing the\nshared password between the on-cluster Kerberos realm and the remote\ntrusted realm, in a cross realm trust relationship.\n\n### EnableKerberos\n\n public bool EnableKerberos { get; set; }\n\nOptional. Flag to indicate whether to Kerberize the cluster (default:\nfalse). Set this field to true to enable Kerberos on a cluster.\n\n### KdcDbKeyUri\n\n public string KdcDbKeyUri { get; set; }\n\nOptional. The Cloud Storage URI of a KMS encrypted file containing the\nmaster key of the KDC database.\n\n### KeyPasswordUri\n\n public string KeyPasswordUri { get; set; }\n\nOptional. The Cloud Storage URI of a KMS encrypted file containing the\npassword to the user provided key. For the self-signed certificate, this\npassword is generated by Dataproc.\n\n### KeystorePasswordUri\n\n public string KeystorePasswordUri { get; set; }\n\nOptional. The Cloud Storage URI of a KMS encrypted file containing the\npassword to the user provided keystore. For the self-signed certificate,\nthis password is generated by Dataproc.\n\n### KeystoreUri\n\n public string KeystoreUri { get; set; }\n\nOptional. The Cloud Storage URI of the keystore file used for SSL\nencryption. If not provided, Dataproc will provide a self-signed\ncertificate.\n\n### KmsKeyUri\n\n public string KmsKeyUri { get; set; }\n\nOptional. The URI of the KMS key used to encrypt sensitive\nfiles.\n\n### Realm\n\n public string Realm { get; set; }\n\nOptional. The name of the on-cluster Kerberos realm.\nIf not specified, the uppercased domain of hostnames will be the realm.\n\n### RootPrincipalPasswordUri\n\n public string RootPrincipalPasswordUri { get; set; }\n\nOptional. The Cloud Storage URI of a KMS encrypted file containing the root\nprincipal password.\n\n### TgtLifetimeHours\n\n public int TgtLifetimeHours { get; set; }\n\nOptional. The lifetime of the ticket granting ticket, in hours.\nIf not specified, or user specifies 0, then default value 10\nwill be used.\n\n### TruststorePasswordUri\n\n public string TruststorePasswordUri { get; set; }\n\nOptional. The Cloud Storage URI of a KMS encrypted file containing the\npassword to the user provided truststore. For the self-signed certificate,\nthis password is generated by Dataproc.\n\n### TruststoreUri\n\n public string TruststoreUri { get; set; }\n\nOptional. The Cloud Storage URI of the truststore file used for SSL\nencryption. If not provided, Dataproc will provide a self-signed\ncertificate."]]
