6
CDH6.3.2开启kerberos认证
source link: https://blog.51cto.com/gwj1319/5536833
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
CDH6.3.2开启kerberos认证
1、查看hosts文件
cat /etc/hosts
192.168.1.210 cdh-1
192.168.1.211 cdh-2
192.168.1.212 cdh-3
2、安装kerberos相关服务
cdh-1:
yum install krb5-server krb5-workstation pam_krb5 -y
cdh-[2-3]:
yum install krb5-devel krb5-workstation -y
3、修改配置文件
cdh-1:
vim /etc/krb5.conf
拷贝配置文件到其他机器
scp /etc/krb5.conf cdh-2:/etc/
scp /etc/krb5.conf cdh-3:/etc/
vim /var/kerberos/krb5kdc/kdc.conf
设置访问权限配置
vim /var/kerberos/krb5kdc/kadm5.acl
*/[email protected] *
4、创建kdc数据库
kdb5_util create -r HAIZHI.COM -s (也可以指定数据库 -D xxx)
设置kdc数据库密码:
5、创建管理用户
kadmin.local -q "addprinc root/admin"
设置用户密码:
抽取密钥并储存在本地 keytab 文件 /etc/krb5.keytab 中
kadmin.local -q "ktadd -norandkey root/admin"
查看生成的keytab
klist -k /etc/krb5.keytab
6、启动kerberos相关服务
systemctl start krb5kdc
systemctl start kadmin
systemctl enable krb5kdc
systemctl enable kadmin
kinit -kt xxx.keytab xxx/[email protected]
7、登录Cloudera Manager,启用kerberos
1> 环境确认,勾选全部
2> 填写kdc配置
3> 取消勾选,点击继续
4> 填写管理员账号和密码
5> 等待导入kdc
6> 重启集群
完毕
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK