We have been running spark clients with SSO for a few years and it has been working very well.
We have two domain controllers and our primary domain controller needs retiring. We plan on creating a new DC to takes its place.
My question is if I remove the primary DC that I setup as the KDC will it still work or do I need to configure kerbros on the new DC.
In my testing I have changed the krb5.ini to kdc=old secondaryserver.domain.org and things seem to be working well although the primary server hasn’t been retired.