- 授权添加yarn账户
-
[root@xxx ~]
# kadmin.local
-
Authenticating as principal cloudera-scm/admin@JAST.COM with password.
-
kadmin.local: addprinc yarn@JAST.COM
-
WARNING:
no policy specified
for yarn@JAST.COM; defaulting to
no policy
-
Enter password
for principal
"yarn@JAST.COM":
-
Re-enter password
for principal
"yarn@JAST.COM":
-
Principal
"yarn@JAST.COM" created.
-
kadmin.local:
exit
- 查看当前系统使用的Kerberos账户
-
#使用的 cloudera-scm
-
[root@xxx ~]
# klist
-
Ticket cache: FILE:
/tmp/krb5cc_
0
-
Default principal: cloudera-scm/admin@IZHONGHONG.COM
-
-
Valid starting Expires Service principal
-
2019-08-
06T14:
45:
54
2019-08-
07T14:
45:
54 krbtgt/JAST.COM@JAST.COM
-
renew
until
2019-08-
13T14:
45:
54
注意:这里 Expires 是过期时间,即我们使用kinit 授权时候是有有效期的
有效期设置对应配置文件 /etc/krb5.conf 中的 ticket_lifetime = 24h 参数 (修改时服务端与客户端同时修改)
- 退出授权 - kdestroy
-
[root@ecs-dbtest-
0003 kerberos]
# klist
-
Ticket cache: FILE:
/tmp/krb5cc_
0
-
Default principal: admin/admin@JAST.COM
-
-
Valid starting Expires Service principal
-
10/
17/
2019
10:
17:
27
10/
18/
2019
10:
17:
27 krbtgt/JAST.COM@JAST.COM
-
renew
until
10/
24/
2019
10:
17:
27
-