diff --git a/ambari-agent/Dockerfile b/ambari-agent/Dockerfile
index 92ceb0c..ba2a7de 100644
--- a/ambari-agent/Dockerfile
+++ b/ambari-agent/Dockerfile
@@ -5,7 +5,6 @@ MAINTAINER Hortonworks
 ADD ambari.repo /etc/yum.repos.d/
 
 RUN yum install -y  ambari-agent && yum clean all
-#RUN find /etc/rc.d/rc* -name "*ambari-agent" | xargs rm -v
 
 # add a custom folder to the hadoop classpath
 RUN mkdir -p /usr/lib/hadoop/lib
@@ -23,9 +22,6 @@ RUN sed -i "s/\"ifconfig\"/\"ifconfig eth0\"/" /usr/lib/python2.6/site-packages/
 ADD dash-azure-storage-2.2.0.jar /usr/lib/hadoop/lib/
 ADD gcs-connector-latest-hadoop2.jar /usr/lib/hadoop/lib/
 
-ADD init/init-agent.sh /opt/ambari-agent/init-agent.sh
-RUN chmod u+x /opt/ambari-agent/init-agent.sh
-
 ADD init/ambari-agent.service /etc/systemd/system/ambari-agent.service
 
 RUN systemctl enable ambari-agent
diff --git a/ambari-agent/docker_shared/etc/resolv.conf b/ambari-agent/docker_shared/etc/resolv.conf
new file mode 100644
index 0000000..a8e7a07
--- /dev/null
+++ b/ambari-agent/docker_shared/etc/resolv.conf
@@ -0,0 +1,2 @@
+nameserver 172.17.0.2
+search service.consul node.dc1.consul
diff --git a/ambari-agent/init/init-agent.sh b/ambari-agent/docker_shared/init-agent.sh
similarity index 56%
rename from ambari-agent/init/init-agent.sh
rename to ambari-agent/docker_shared/init-agent.sh
index 055de17..78a65f8 100755
--- a/ambari-agent/init/init-agent.sh
+++ b/ambari-agent/docker_shared/init-agent.sh
@@ -10,29 +10,6 @@ debug() {
   [[ "DEBUG" ]]  && echo "[DEBUG] $@" 1>&2
 }
 
-get_nameserver_addr() {
-  if [[ "$NAMESERVER_ADDR" ]]; then
-    echo $NAMESERVER_ADDR
-  else
-    if ip addr show docker0 &> /dev/null; then
-      ip addr show docker0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1
-    else
-      ip ro | grep default | cut -d" " -f 3
-    fi
-  fi
-}
-
-# --dns isn't available for: docker run --net=host
-# sed -i /etc/resolf.conf fails:
-# sed: cannot rename /etc/sedU9oCRy: Device or resource busy
-# here comes the tempfile workaround ...
-local_nameserver() {
-  cat>/etc/resolv.conf<<EOF
-nameserver $(get_nameserver_addr)
-search service.consul node.dc1.consul
-EOF
-}
-
 ambari_server_addr() {
   sed -i "s/^hostname=.*/hostname=${AMBARI_SERVER_ADDR}/" /etc/ambari-agent/conf/ambari-agent.ini
 }
@@ -46,6 +23,9 @@ reorder_dns_lookup() {
 }
 
 main() {
+  ln -s /docker_shared/etc/resolv.conf /tmp/resolv.conf
+  cp /tmp/resolv.conf /etc/resolv.conf
+
   [[ "$USE_CONSUL_DNS" == "true" ]] && local_nameserver
   ambari_server_addr
   reorder_dns_lookup
diff --git a/ambari-agent/init/ambari-agent.service b/ambari-agent/init/ambari-agent.service
index d9aceee..aec145c 100644
--- a/ambari-agent/init/ambari-agent.service
+++ b/ambari-agent/init/ambari-agent.service
@@ -13,6 +13,6 @@ IgnoreSIGPIPE=no
 KillMode=process
 GuessMainPID=no
 RemainAfterExit=yes
-ExecStartPre=/opt/ambari-agent/init-agent.sh
+ExecStartPre=/docker_shared/init-agent.sh
 ExecStart=/etc/rc.d/init.d/ambari-agent start
 ExecStop=/etc/rc.d/init.d/ambari-agent stop
diff --git a/ambari-functions b/ambari-functions
index 901a1c0..270f6bb 100644
--- a/ambari-functions
+++ b/ambari-functions
@@ -6,10 +6,16 @@ curl -Lo .amb j.mp/docker-ambari && . .amb
 full documentation: https://github.com/sequenceiq/docker-ambari
 USAGE
 
+: ${WORK_DIR:="/tmp/work_dir/"}
+: ${AMBARI_SERVER_SHARED:="${WORK_DIR}/ambari_server_shared"}
+: ${AMBARI_AGENT_SHARED:="${WORK_DIR}/ambari_agent_shared"}
+: ${KERBEROS:="kerberos"}
+: ${KERBEROS_SHARED:="${WORK_DIR}/kerberos_shared"}
 : ${NODE_PREFIX=amb}
 : ${AMBARI_SERVER_NAME:=${NODE_PREFIX}-server}
 : ${AMBARI_SERVER_IMAGE:="hortonworks/ambari-server:latest"}
 : ${AMBARI_AGENT_IMAGE:="hortonworks/ambari-agent:latest"}
+: ${KERBEROS_IMAGE:="sequenceiq/kerberos:latest"}
 : ${DOCKER_OPTS:=""}
 : ${CONSUL:="${NODE_PREFIX}-consul"}
 : ${CONSUL_IMAGE:="sequenceiq/consul:v0.5.0-v6"}
@@ -20,6 +26,31 @@ USAGE
 : ${EXPOSE_DNS:=false}
 : ${DRY_RUN:=false}
 
+
+init() {
+  mkdir -p $WORK_DIR
+  mkdir -p $AMBARI_SERVER_SHARED
+
+  rm -rf {ambari-server,ambari-agent,docker-kerberos}/docker_shared/ 
+  cp -r docker_shared/etc {ambari-server,ambari-agent,docker-kerberos}/docker_shared/ 
+
+  cp -rf ambari-server/docker_shared/ $AMBARI_SERVER_SHARED
+  cp -rf ambari-agent/docker_shared/ $AMBARI_AGENT_SHARED
+  cp -rf docker-kerberos/docker_shared/ $KERBEROS_SHARED
+}
+
+update-nameserver() {
+  cat>$WORK_DIR/ambari_server_shared/etc/resolv.conf<<EOF
+nameserver $(get-consul-ip)
+search service.consul node.dc1.consul
+EOF
+
+  cat>$WORK_DIR/ambari_agent_shared/etc/resolv.conf<<EOF
+nameserver $(get-consul-ip)
+search service.consul node.dc1.consul
+EOF
+}
+
 run-command() {
   CMD="$@"
   if [[ "$DRY_RUN" == "false" ]]; then
@@ -43,13 +74,17 @@ get-consul-ip() {
   get-host-ip $CONSUL
 }
 
+get-consul-base-url() {
+  echo "http://127.0.0.1:8500"
+}
+
 get-host-ip() {
   HOST=$1
   docker inspect --format="{{.NetworkSettings.IPAddress}}" ${HOST}
 }
 
 amb-members() {
-  curl http://$(get-consul-ip):8500/v1/catalog/nodes | sed -e 's/,{"Node":"ambari-8080.*}//g' -e 's/,{"Node":"consul.*}//g'
+  curl $(get-consul-base-url)/v1/catalog/nodes | sed -e 's/,{"Node":"ambari-8080.*}//g' -e 's/,{"Node":"consul.*}//g'
 }
 
 amb-settings() {
@@ -82,6 +117,30 @@ docker-psa() {
   docker inspect --format="{{.Name}} {{.NetworkSettings.IPAddress}} {{.Config.Image}} {{.Config.Entrypoint}} {{.Config.Cmd}}" $(docker ps -qa)
 }
 
+amb-restart-cluster() {
+  update-nameserver
+  local act_cluster_size=$1
+  : ${act_cluster_size:=$CLUSTER_SIZE}
+  echo starting an ambari cluster with: $act_cluster_size nodes
+
+  local CONSUL_IP=$(get-consul-ip)
+
+  docker restart ${AMBARI_SERVER_NAME}
+
+  [ $act_cluster_size -gt 1 ] && for i in $(seq $((act_cluster_size - 1))); do
+    docker restart ${NODE_PREFIX}${i}
+  done
+
+  echo "Waiting for containers to start..."
+  sleep 5
+
+  docker exec ${AMBARI_SERVER_NAME} /bin/bash -c "ex '+%s/nameserver.*/nameserver $CONSUL_IP/g' '+:wq' /etc/resolv.conf"
+
+  [ $act_cluster_size -gt 1 ] && for i in $(seq $((act_cluster_size - 1))); do
+    docker exec ${NODE_PREFIX}${i} /bin/bash -c "ex '+%s/nameserver.*/nameserver $CONSUL_IP/g' '+:wq' /etc/resolv.conf"
+  done
+}
+
 amb-start-cluster() {
   local act_cluster_size=$1
   : ${act_cluster_size:=$CLUSTER_SIZE}
@@ -98,8 +157,9 @@ _amb_run_shell() {
   : ${COMMAND:? required}
   get-ambari-server-ip
   EXPECTED_HOST_COUNT=$(docker inspect --format="{{.Config.Image}} {{.Name}}" $(docker ps -q)|grep $AMBARI_AGENT_IMAGE|grep $NODE_PREFIX|wc -l|xargs)
-  run-command docker run -it --rm -e EXPECTED_HOST_COUNT=$EXPECTED_HOST_COUNT -e BLUEPRINT=$BLUEPRINT --link ${AMBARI_SERVER_NAME}:ambariserver \
-     --entrypoint /bin/sh $AMBARI_SERVER_IMAGE -c $COMMAND
+  cd ambari-server/ && run-command docker run -v $AMBARI_SERVER_SHARED:/docker_shared -it --rm -e EXPECTED_HOST_COUNT=$EXPECTED_HOST_COUNT -e BLUEPRINT=$BLUEPRINT --link ${AMBARI_SERVER_NAME}:ambariserver \
+     --entrypoint /bin/sh $AMBARI_SERVER_IMAGE -c $COMMAND && cd ..
+
 }
 
 amb-shell() {
@@ -118,20 +178,57 @@ amb-deploy-cluster() {
 
   : ${BLUEPRINT:?" required (single-node-hdfs-yarn / multi-node-hdfs-yarn / hdp-singlenode-default / hdp-multinode-default)"}
 
+  init 
   amb-start-cluster $act_cluster_size
   _amb_run_shell /tmp/install-cluster.sh
 }
 
-amb-start-first() {
+amb-consul-start() {
   local dns_port_command=""
   if [[ "$EXPOSE_DNS" == "true" ]]; then
      dns_port_command="-p 53:$DNS_PORT/udp"
   fi
-  run-command docker run -d $dns_port_command --name $CONSUL -h $CONSUL.service.consul $CONSUL_IMAGE -server -bootstrap
+  run-command docker run -p 8500:8500 -d $dns_port_command --name $CONSUL -h $CONSUL.service.consul $CONSUL_IMAGE -server -bootstrap-expect=1
   sleep 5
 
-  run-command docker run -d $DOCKER_OPTS --privileged --name $AMBARI_SERVER_NAME -h $AMBARI_SERVER_NAME.service.consul $AMBARI_SERVER_IMAGE \
-          systemd.setenv=NAMESERVER_ADDR=$(get-consul-ip)
+  update-nameserver
+}
+
+
+amb-reregister-service() {
+  get-ambari-server-ip
+  : ${AMBARI_SERVER_IP:?"AMBARI_SERVER_IP is needed"}
+  NUMBER=${1:?"please enter number of nodes to be re-registered"}
+  if [[ $# -eq 1 ]]; then
+    MORE_OPTIONS="-d"
+  else
+    shift
+    MORE_OPTIONS="$@"
+  fi
+
+  echo reregistering an ambari cluster on consul with: $act_cluster_size nodes
+
+  echo "Registering Ambari Server $AMBARI_SERVER_NAME $AMBARI_SERVER_IP on consul: " $(_consul-register-service $AMBARI_SERVER_NAME $AMBARI_SERVER_IP)
+
+  echo "Registering Ambari Service ambari-8080 on consul: " $(_consul-register-service ambari-8080 $AMBARI_SERVER_IP)
+
+  local act_cluster_size=$1
+  : ${act_cluster_size:=$CLUSTER_SIZE}
+
+  [ $act_cluster_size -gt 1 ] && for i in $(seq $((act_cluster_size - 1))); do
+    echo Registering ${NODE_PREFIX}${i} : $(_consul-register-service ${NODE_PREFIX}${i} $(get-host-ip ${NODE_PREFIX}${i}))
+  done
+}
+
+amb-start-first() {
+  local dns_port_command=""
+  if [[ "$EXPOSE_DNS" == "true" ]]; then
+     dns_port_command="-p 53:$DNS_PORT/udp"
+  fi
+
+  amb-consul-start
+
+  cd ambari-server && run-command docker run -v $AMBARI_SERVER_SHARED:/docker_shared -p 8080:8080 -d $DOCKER_OPTS --privileged --name $AMBARI_SERVER_NAME -h $AMBARI_SERVER_NAME.service.consul $AMBARI_SERVER_IMAGE && cd ..
 
   get-ambari-server-ip
 
@@ -139,6 +236,15 @@ amb-start-first() {
   _consul-register-service ambari-8080 $AMBARI_SERVER_IP
 }
 
+kerberos-start-first() {
+  echo run-command docker run -v $KERBEROS_SHARED:/docker_shared -v /dev/urandom:/dev/random -h kerberos.service.consul --name $KERBEROS -e BOOTSTRAP=0 --security-opt seccomp=unconfined -dt $DOCKER_OPTS --entrypoint /docker_shared/init-kerberos.sh $KERBEROS_IMAGE 
+  run-command docker run -v $KERBEROS_SHARED:/docker_shared -v /dev/urandom:/dev/random -h kerberos.service.consul --name $KERBEROS -e BOOTSTRAP=0 --security-opt seccomp=unconfined -dt $DOCKER_OPTS --entrypoint /docker_shared/init-kerberos.sh $KERBEROS_IMAGE 
+  sleep 10
+  kerberos_ip=$(get-host-ip $KERBEROS)
+  echo "Kerberos running on" $kerberos_ip
+  _consul-register-service $KERBEROS $kerberos_ip 
+}
+
 amb-copy-to-hdfs() {
   get-ambari-server-ip
   FILE_PATH=${1:?"usage: <FILE_PATH> <NEW_FILE_NAME_ON_HDFS> <HDFS_PATH>"}
@@ -174,18 +280,18 @@ amb-start-node() {
     MORE_OPTIONS="$@"
   fi
 
-  run-command docker run $MORE_OPTIONS $DOCKER_OPTS --privileged --name ${NODE_PREFIX}$NUMBER -h ${NODE_PREFIX}${NUMBER}.service.consul $AMBARI_AGENT_IMAGE \
-              systemd.setenv=NAMESERVER_ADDR=$(get-consul-ip)
+  cd ambari-agent && run-command docker run -v $AMBARI_AGENT_SHARED:/docker_shared $MORE_OPTIONS $DOCKER_OPTS --privileged --name ${NODE_PREFIX}$NUMBER -h ${NODE_PREFIX}${NUMBER}.service.consul $AMBARI_AGENT_IMAGE && cd ..
 
   _consul-register-service ${NODE_PREFIX}${NUMBER} $(get-host-ip ${NODE_PREFIX}$NUMBER)
 }
 
 _consul-register-service() {
-  curl -X PUT -d "{
-    \"Node\": \"$1\",
-    \"Address\": \"$2\",
-    \"Service\": {
-      \"Service\": \"$1\"
-    }
-  }" http://$(get-consul-ip):8500/v1/catalog/register
+  echo "Dummy Registration"
+  # curl -X PUT -d "{
+  #  \"Node\": \"$1\",
+  #  \"Address\": \"$2\",
+  #  \"Service\": {
+  #    \"Service\": \"$1\"
+  #  }
+  #}" $(get-consul-base-url)/v1/catalog/register
 }
diff --git a/ambari-server/Dockerfile b/ambari-server/Dockerfile
index bf8c6d9..b3bfaee 100644
--- a/ambari-server/Dockerfile
+++ b/ambari-server/Dockerfile
@@ -16,9 +16,6 @@ ADD shell/ambari-shell.sh /tmp/
 ENV PLUGIN_PATH /plugins
 WORKDIR /tmp
 
-ADD init/init-server.sh /opt/ambari-server/init-server.sh
-RUN chmod u+x /opt/ambari-server/init-server.sh
-
 # add mysql and psql connectors to ambari-server so it can be downloaded by services (e.g.: Ranger)
 ADD http://dev.mysql.com/get/Downloads/Connector-J/mysql-connector-java-5.1.39.tar.gz /var/lib/ambari-server/resources/mysql-jdbc-driver.jar
 ADD https://jdbc.postgresql.org/download/postgresql-9.4.1208.jre7.jar /var/lib/ambari-server/resources/postgres-jdbc-driver.jar
diff --git a/ambari-server/docker_shared/etc/resolv.conf b/ambari-server/docker_shared/etc/resolv.conf
new file mode 100644
index 0000000..a8e7a07
--- /dev/null
+++ b/ambari-server/docker_shared/etc/resolv.conf
@@ -0,0 +1,2 @@
+nameserver 172.17.0.2
+search service.consul node.dc1.consul
diff --git a/ambari-server/init/init-server.sh b/ambari-server/docker_shared/init-server.sh
similarity index 82%
rename from ambari-server/init/init-server.sh
rename to ambari-server/docker_shared/init-server.sh
index 8626ae1..71fc699 100755
--- a/ambari-server/init/init-server.sh
+++ b/ambari-server/docker_shared/init-server.sh
@@ -9,29 +9,6 @@ debug() {
   [[ "DEBUG" ]]  && echo "[DEBUG] $@" 1>&2
 }
 
-get_nameserver_addr() {
-  if [[ "$NAMESERVER_ADDR" ]]; then
-    echo $NAMESERVER_ADDR
-  else
-    if ip addr show docker0 &> /dev/null; then
-      ip addr show docker0 | grep "inet\b" | awk '{print $2}' | cut -d/ -f1
-    else
-      ip ro | grep default | cut -d" " -f 3
-    fi
-  fi
-}
-
-# --dns isn't available for: docker run --net=host
-# sed -i /etc/resolf.conf fails:
-# sed: cannot rename /etc/sedU9oCRy: Device or resource busy
-# here comes the tempfile workaround ...
-local_nameserver() {
-  cat>/etc/resolv.conf<<EOF
-nameserver $(get_nameserver_addr)
-search service.consul node.dc1.consul
-EOF
-}
-
 wait_for_db() {
   while : ; do
     PGPASSWORD=bigdata psql -h $POSTGRES_DB -U ambari -c "select 1"
@@ -80,6 +57,9 @@ silent_security_setup() {
 }
 
 main() {
+  ln -s /docker_shared/etc/resolv.conf /tmp/resolv.conf
+  cp /tmp/resolv.conf /etc/resolv.conf
+
   [[ "$USE_CONSUL_DNS" == "true" ]] && local_nameserver
   reorder_dns_lookup
   if [ ! -f "/var/ambari-init-executed" ]; then
diff --git a/ambari-server/init/ambari-server.service b/ambari-server/init/ambari-server.service
index e88fd86..544f190 100644
--- a/ambari-server/init/ambari-server.service
+++ b/ambari-server/init/ambari-server.service
@@ -14,6 +14,6 @@ KillMode=process
 GuessMainPID=no
 RemainAfterExit=yes
 Environment='AMBARI_JVM_ARGS=-XX:MaxPermSize=512m'
-ExecStartPre=/opt/ambari-server/init-server.sh
+ExecStartPre=/docker_shared/init-server.sh
 ExecStart=/usr/sbin/ambari-server start
 ExecStop=/usr/sbin/ambari-server stop
diff --git a/build-docker-images.sh b/build-docker-images.sh
new file mode 100644
index 0000000..25a3d98
--- /dev/null
+++ b/build-docker-images.sh
@@ -0,0 +1,2 @@
+cd ambari-agent/ && docker build -t hortonworks/ambari-agent:latest . && cd ..
+cd ambari-server/ && docker build -t hortonworks/ambari-server:latest . && cd ..
diff --git a/docker-kerberos/Dockerfile b/docker-kerberos/Dockerfile
new file mode 100644
index 0000000..6023a93
--- /dev/null
+++ b/docker-kerberos/Dockerfile
@@ -0,0 +1,8 @@
+FROM centos:6.6
+MAINTAINER SequenceIQ
+
+# EPEL
+RUN rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
+
+# kerberos
+RUN yum install -y krb5-server krb5-libs krb5-auth-dialog krb5-workstation 
diff --git a/docker-kerberos/README.md b/docker-kerberos/README.md
new file mode 100644
index 0000000..9312f5f
--- /dev/null
+++ b/docker-kerberos/README.md
@@ -0,0 +1,45 @@
+## Docker kerberos
+This image
+is designed to support the Hadoop clusters launched by Cloudbreak. The default realm is `NODE.DC1.CONSUL` and the default admin principal is `admin/admin`. All the default values can be modified with environment variables.
+
+### Usage
+
+The image can be started in bootstrap mode and non-bootstrap mode. Bootstrap mode means
+when the container is launched it will create the DB for kerberos along with the admin user and start the KDC. 
+This use-case is convenient for a quick start. The non-bootstrap mode relies on that a third party will do the necessary steps to create the appropriate principals thus the KDC will start only once they are created. 
+Cloudbreak does this with a [consul plugn](https://github.com/sequenceiq/consul-plugins-kerberos).
+
+#### Quick start
+```
+docker run -d --net=host -v /etc/krb5.conf:/etc/krb5.conf -v /dev/urandom:/dev/random --name kerberos -e BOOTSTRAP=0 sequenceiq/kerberos
+```
+The containers have a pretty bad entropy level so the KDC won't start because of this. We can overcome this by using `/dev/urandom` which is less secure but does not care about entropy. 
+The `/etc/krb5.conf` is shared with the host so the generated configuration will be present on the host as well. We need to share this configuration with the `ambari-server` container as well or you need to take care of the copying.
+Once the container is running you can enable kerberos with `Ambari`.
+
+Useful environment variables:
+
+| Environmenr variables | Description |
+| --------------------- | ----------------------------- |
+| `REALM`               | the Kerberos realm            |
+| `DOMAIN_REALM`        | the DNS domain for the realm  |
+| `KERB_MASTER_KEY`     | master key for the KDC        |
+| `KERB_ADMIN_USER`     | administrator account name    |
+| `KERB_ADMIN_PASS`     | administrator's password      |
+| `SEARCH_DOMAINS`      | domain suffix search list     |
+
+### Test
+Once kerberos is enabled you need a `ticket` to execute any job on the cluster. Here's an example to get a ticket:
+```
+kinit -V -kt /etc/security/keytabs/smokeuser.headless.keytab ambari-qa-sparktest-rec@NODE.DC1.CONSUL
+```
+Example job:
+```java
+export HADOOP_LIBS=/usr/hdp/current/hadoop-mapreduce-client
+export JAR_EXAMPLES=$HADOOP_LIBS/hadoop-mapreduce-examples.jar
+export JAR_JOBCLIENT=$HADOOP_LIBS/hadoop-mapreduce-client-jobclient.jar
+
+hadoop jar $JAR_EXAMPLES teragen 10000000 /user/ambari-qa/terasort-input
+
+hadoop jar $JAR_JOBCLIENT mrbench -baseDir /user/ambari-qa/smallJobsBenchmark -numRuns 5 -maps 10 -reduces 5 -inputLines 10 -inputType ascending
+```
diff --git a/docker-kerberos/docker_shared/init-kerberos.sh b/docker-kerberos/docker_shared/init-kerberos.sh
new file mode 100755
index 0000000..34236cf
--- /dev/null
+++ b/docker-kerberos/docker_shared/init-kerberos.sh
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+: ${KERB_MASTER_KEY:=masterkey}
+: ${REALM:=SERVICE.CONSUL}
+: ${KERB_ADMIN_USER:=admin}
+: ${KERB_ADMIN_PASS:=admin}
+
+create_config() {
+  cp /docker_shared/krb5.conf /etc/krb5.conf
+}
+
+create_db() {
+  /usr/sbin/kdb5_util -P $KERB_MASTER_KEY -r $REALM create -s
+}
+
+create_admin_user() {
+  kadmin.local -q "addprinc -pw $KERB_ADMIN_PASS $KERB_ADMIN_USER/admin"
+  echo "*/admin@$REALM *" > /var/kerberos/krb5kdc/kadm5.acl
+}
+
+fix_hostname() {
+  sed -i "/^hosts:/ s/ *files dns/ dns files/" /etc/nsswitch.conf
+}
+
+create_db() {
+  /usr/sbin/kdb5_util -P $KERB_MASTER_KEY -r $REALM create -s
+}
+
+start_kdc() {
+  mkdir -p /var/log/kerberos
+
+  chkconfig krb5kdc on
+  chkconfig kadmin on
+ 
+  /sbin/service krb5kdc start #/etc/rc.d/init.d/krb5kdc start
+  /sbin/service kadmin start #/etc/rc.d/init.d/kadmin start
+}
+
+restart_kdc() {
+  /etc/rc.d/init.d/krb5kdc restart
+  /etc/rc.d/init.d/kadmin restart
+}
+
+create_admin_user() {
+  kadmin.local -q "addprinc -pw $KERB_ADMIN_PASS $KERB_ADMIN_USER/admin"
+  echo "*/admin@$REALM *" > /var/kerberos/krb5kdc/kadm5.acl
+}
+
+main() {
+  ln -s /docker_shared/etc/resolv.conf /tmp/resolv.conf
+  cp /tmp/resolv.conf /etc/resolv.conf
+
+  mkdir -p /var/log/kerberos
+
+  if [ ! -f /var/kerberos/kerberos_initialized ]; then
+    create_config
+    create_db
+    create_admin_user
+    start_kdc
+
+    touch /var/kerberos/kerberos_initialized
+  fi
+
+  tail -f /dev/null
+  #fix_hostname
+}
+
+[[ "$0" == "$BASH_SOURCE" ]] && main "$@"
diff --git a/docker-kerberos/docker_shared/krb5.conf b/docker-kerberos/docker_shared/krb5.conf
new file mode 100644
index 0000000..f3bcd7f
--- /dev/null
+++ b/docker-kerberos/docker_shared/krb5.conf
@@ -0,0 +1,22 @@
+[logging]
+ default = FILE:/var/log/kerberos/krb5libs.log
+ kdc = FILE:/var/log/kerberos/krb5kdc.log
+ admin_server = FILE:/var/log/kerberos/kadmind.log
+
+[libdefaults]
+ default_realm = SERVICE.CONSUL 
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+
+[realms]
+ SERVICE.CONSUL = {
+  kdc = kerberos.service.consul
+  admin_server = kerberos.service.consul
+ }
+
+[domain_realm]
+ .service.consul = SERVICE.CONSUL
+ service.consul = SERVICE.CONSUL
diff --git a/docker_shared/etc/krb5.conf b/docker_shared/etc/krb5.conf
new file mode 100644
index 0000000..ef3be51
--- /dev/null
+++ b/docker_shared/etc/krb5.conf
@@ -0,0 +1,22 @@
+[logging]
+ default = FILE:/var/log/kerberos/krb5libs.log
+ kdc = FILE:/var/log/kerberos/krb5kdc.log
+ admin_server = FILE:/var/log/kerberos/kadmind.log
+
+[libdefaults]
+ default_realm = DSE.GROUP.ON 
+ dns_lookup_realm = false
+ dns_lookup_kdc = false
+ ticket_lifetime = 24h
+ renew_lifetime = 7d
+ forwardable = true
+
+[realms]
+ DSE.GROUP.ON = {
+  kdc = kerberos.service.consul
+  admin_server = kerberos.service.consul
+ }
+
+[domain_realm]
+ .service.consul = DSE.GROUP.ON
+ service.consul = DSE.GROUP.ON
diff --git a/docker_shared/etc/resolv.conf b/docker_shared/etc/resolv.conf
new file mode 100644
index 0000000..a8e7a07
--- /dev/null
+++ b/docker_shared/etc/resolv.conf
@@ -0,0 +1,2 @@
+nameserver 172.17.0.2
+search service.consul node.dc1.consul