mac版
- 检查操作系统是否安装kerberos客户端
# Run kinit to see whether a Kerberos client is present (used here only as a presence check).
kinit
# If the shell reports that the command cannot be found, install a client with Homebrew.
brew install krb5
- 下载并修改配置文件
# 下载kerberos服务端的krb5.conf文件到本地,复制到/etc/目录下
# 修改为如下内容
# Client-side krb5.conf for macOS, adapted from the server's copy.
# This file decides which KDC the client talks to for the realm, so keep it
# owned by root and not writable by other users.
# Configuration snippets may be placed in this directory as well
# Keep the next line commented out on the client; it is enabled on the server.
# includedir /etc/krb5.conf.d/
# Log destinations carried over from the server file.
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
# Do not use DNS to map a host to its realm; the [domain_realm] section below is used instead.
dns_lookup_realm = false
# Requested ticket and renewal lifetimes. A stolen credential cache stays usable
# for this long, so shorten them if site policy allows.
ticket_lifetime = 24h
renew_lifetime = 7d
# Tickets are requested as forwardable, i.e. they can be delegated to hosts you log in to.
# Leave this on only if delegation is actually needed.
forwardable = true
# Do not rely on reverse DNS when canonicalizing service host names.
rdns = false
# Trust anchors, used for PKINIT only.
# NOTE(review): this is a Linux-style path, presumably inherited from the server file;
# confirm it exists on the Mac if PKINIT is used.
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
# Set this to your own realm.
default_realm = HAINIU.COM
# Left commented out, matching the server.
# KEYRING is a Linux-only cache type, so it would not work on macOS anyway.
# default_ccache_name = KEYRING:persistent:%{uid}
[realms]
HAINIU.COM = {
# Per the original note, the macOS client uses UDP while this KDC is reached over TCP,
# so each host is prefixed with "tcp/". (Kerberos itself can run over either transport.)
# NOTE(review): confirm the "tcp/" prefix is honoured by the client actually on PATH
# (built-in macOS kinit vs. the Homebrew krb5 install).
# worker-1 must resolve from this Mac.
kdc = tcp/worker-1
admin_server = tcp/worker-1
}
[domain_realm]
# Map the host worker-1, and any host under the domain .worker-1, to the realm.
.worker-1 = HAINIU.COM
worker-1 = HAINIU.COM
- 认证测试
# Request a ticket-granting ticket for the principal "hive" in the default realm (prompts for its password).
kinit hive
# List the credential cache to confirm the ticket was issued and check its expiry.
# Run kdestroy afterwards if the cached ticket is no longer needed.
klist
海汼部落原创文章,原文链接:http://www.hainiubl.com/topics/75586