windows配置kerberos客户端浏览器访问oozie
1. 下载MIT安装包
链接:https://pan.baidu.com/s/1C8wisL0fMR2dMnyxMeb2Dg
提取码:bwnx
2. 安装好后修改配置文件
C:\ProgramData\MIT\Kerberos5\krb5.ini
#includedir /etc/krb5.conf.d/
#includedir /var/lib/sss/pubconf/krb5.include.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = BDEC.COM
dns_lookup_realm = false
dns_lookup_kdc = true
rdns = false
ticket_lifetime = 24h
forwardable = true
udp_preference_limit = 0
#default_ccache_name = KEYRING:persistent:%{uid}
[realms]
BDEC.COM = {
kdc = node61-7.bdec.com:88
master_kdc = node61-7.bdec.com:88
admin_server = node61-7.bdec.com:749
default_domain = bdec.com
pkinit_anchors = FILE:/var/lib/ipa-client/pki/kdc-ca-bundle.pem
pkinit_pool = FILE:/var/lib/ipa-client/pki/ca-bundle.pem
}
[domain_realm]
.bdec.com = BDEC.COM
bdec.com = BDEC.COM
node61-7.bdec.com = BDEC.COM
[dbmodules]
BDEC.COM = {
db_library = ipadb.so
}
[plugins]
certauth = {
module = ipakdb:kdb/ipadb.so
enable_only = ipakdb
}
3. 准备keytab
4. cmd里kinit认证
5. 下载firefox浏览器并配置
输入about:config
搜索network.auth.use-sspi
: false
搜索network.negotiate-auth.trusted-uris
: 添加oozie的hosts
6. 重启firefox
使用oozie的域名访问oozie