# Kinit Auxiliary Service
Kinit auxiliary service is a critical service both for authentication between Kyuubi client/server
and for authentication between Kyuubi server/Hadoop cluster in a Kerberos environment.
It will get a Kerberos Ticket Cache from KDC and periodically re-kinit to keep the Ticket Cache fresh.
**Note**:
- Kinit auxiliary service is critical to Kyuubi Kerberos authentication, but not vice versa.
- Kinit auxiliary service can also work with other authentication mode.
## Installing and Configuring the Kerberos Clients
Usually, Kerberos client is installed as default. You can validate it using `klist` tool.
```bash
$ klist -V
Kerberos 5 version 1.15.1
```
If the client is not installed, you should install it ahead based on the OS platform that you prepare to run Kyuubi.
`krb5.conf` is a configuration file for tuning up the creation of Kerberos ticket cache.
The default location is `/etc` on Linux,
and we can use `KRB5_CONFIG` environmental variable to overwrite the location of the configuration file.
Replace or configure `krb5.conf` to point to the KDC.
## Kerberos Ticket
Kerberos client is aimed to generate a Ticket Cache file.
Then, Kyuubi can use this Ticket Cache to authenticate with those kerberized services,
e.g. HDFS, YARN, and Hive Metastore server, etc.
A Kerberos ticket cache contains a service and a client principal names,
lifetime indicators, flags, and the credential itself, e.g.
```bash
$ klist
Ticket cache: FILE:/tmp/krb5cc_5441
Default principal: spark/kyuubi.host.name@KYUUBI.APACHE.ORG
Valid starting Expires Service principal
2020-11-25T13:17:18 2020-11-26T13:17:18 krbtgt/KYUUBI.APACHE.ORG@KYUUBI.APACHE.ORG
renew until 2020-12-02T13:17:18
```
Kerberos credentials can be stored in Kerberos ticket cache.
For example, `/tmp/krb5cc_5441` in the above case.
They are valid for relatively short period. So, we always need to refresh it for long-running services like Kyuubi.
## Configurations
| Key | Default | Meaning | Since |
|----------------------------------------|--------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------|
| kyuubi.kinit.principal
|
kyuubi.kinit.keytab
| kyuubi.kinit.interval
| kyuubi.kinit.max.attempts
|