一、创建认证规则
二、创建Keytab文件
三、部署Kerberos Keytab文件
四、修改HDFS配置文件,包括
1)core-site.xml
2)hdfs-site.xml
五、启动namenode
六、启动datanode
步骤实施
1、创建认证规则
[root@cdh1 training]# kadmin.local -q "addprinc -randkey hdfs/cdh1@ZGP.COM"
Authenticating as principal root/admin@ZGP.COM with password.
WARNING: no policy specified for hdfs/cdh1@ZGP.COM; defaulting to no policy
Principal "hdfs/cdh1@ZGP.COM" created.
[root@cdh1 training]#
[root@cdh1 training]# kadmin.local -q "addprinc -randkey hdfs/cdh2@ZGP.COM"
[root@cdh1 training]# kadmin.local -q "addprinc -randkey hdfs/cdh3@ZGP.COM"
[root@cdh1 training]# kadmin.local -q "addprinc -randkey HTTP/cdh1@ZGP.COM"
[root@cdh1 training]# kadmin.local -q "addprinc -randkey HTTP/cdh2@ZGP.COM"
[root@cdh1 training]# kadmin.local -q "addprinc -randkey HTTP/cdh3@ZGP.COM"
[root@cdh1 training]# kadmin
Authenticating as principal root/admin@ZGP.COM with password.
Password for root/admin@ZGP.COM:
kadmin: list_principals
HTTP/cdh1@ZGP.COM
HTTP/cdh2@ZGP.COM
HTTP/cdh3@ZGP.COM
K/M@ZGP.COM
hdfs/cdh1@ZGP.COM
hdfs/cdh2@ZGP.COM
hdfs/cdh3@ZGP.COM
kadmin/admin@ZGP.COM
kadmin/cdh1@ZGP.COM
kadmin/changepw@ZGP.COM
krbtgt/ZGP.COM@ZGP.COM
root/admin@ZGP.COM
kadmin:
2、创建keytab文件
[root@cdh1 training]# cd /var/kerberos/krb5kdc
[root@cdh1 krb5kdc]# kadmin.local -q "xst -k hdfs-unmerged.keytab hdfs/cdh1@ZGP.COM"
Authenticating as principal root/admin@ZGP.COM with password.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:hdfs-unmerged.keytab.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:hdfs-unmerged.keytab.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:hdfs-unmerged.keytab.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:hdfs-unmerged.keytab.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type des-hmac-sha1 added to keytab WRFILE:hdfs-unmerged.keytab.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type des-cbc-md5 added to keytab WRFILE:hdfs-unmerged.keytab.
[root@cdh1 krb5kdc]#
[root@cdh1 krb5kdc]# kadmin
二、创建Keytab文件
三、部署Kerberos Keytab文件
四、修改HDFS配置文件,包括
1)core-site.xml
2)hdfs-site.xml
五、启动namenode
六、启动datanode
步骤实施
1、创建认证规则
[root@cdh1 training]# kadmin.local -q "addprinc -randkey hdfs/cdh1@ZGP.COM"
Authenticating as principal root/admin@ZGP.COM with password.
WARNING: no policy specified for hdfs/cdh1@ZGP.COM; defaulting to no policy
Principal "hdfs/cdh1@ZGP.COM" created.
[root@cdh1 training]#
[root@cdh1 training]# kadmin.local -q "addprinc -randkey hdfs/cdh2@ZGP.COM"
[root@cdh1 training]# kadmin.local -q "addprinc -randkey hdfs/cdh3@ZGP.COM"
[root@cdh1 training]# kadmin.local -q "addprinc -randkey HTTP/cdh1@ZGP.COM"
[root@cdh1 training]# kadmin.local -q "addprinc -randkey HTTP/cdh2@ZGP.COM"
[root@cdh1 training]# kadmin.local -q "addprinc -randkey HTTP/cdh3@ZGP.COM"
[root@cdh1 training]# kadmin
Authenticating as principal root/admin@ZGP.COM with password.
Password for root/admin@ZGP.COM:
kadmin: list_principals
HTTP/cdh1@ZGP.COM
HTTP/cdh2@ZGP.COM
HTTP/cdh3@ZGP.COM
K/M@ZGP.COM
hdfs/cdh1@ZGP.COM
hdfs/cdh2@ZGP.COM
hdfs/cdh3@ZGP.COM
kadmin/admin@ZGP.COM
kadmin/cdh1@ZGP.COM
kadmin/changepw@ZGP.COM
krbtgt/ZGP.COM@ZGP.COM
root/admin@ZGP.COM
kadmin:
2、创建keytab文件
[root@cdh1 training]# cd /var/kerberos/krb5kdc
[root@cdh1 krb5kdc]# kadmin.local -q "xst -k hdfs-unmerged.keytab hdfs/cdh1@ZGP.COM"
Authenticating as principal root/admin@ZGP.COM with password.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type aes256-cts-hmac-sha1-96 added to keytab WRFILE:hdfs-unmerged.keytab.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type aes128-cts-hmac-sha1-96 added to keytab WRFILE:hdfs-unmerged.keytab.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type des3-cbc-sha1 added to keytab WRFILE:hdfs-unmerged.keytab.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type arcfour-hmac added to keytab WRFILE:hdfs-unmerged.keytab.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type des-hmac-sha1 added to keytab WRFILE:hdfs-unmerged.keytab.
Entry for principal hdfs/cdh1@ZGP.COM with kvno 2, encryption type des-cbc-md5 added to keytab WRFILE:hdfs-unmerged.keytab.
[root@cdh1 krb5kdc]#
[root@cdh1 krb5kdc]# kadmin