Kerberos Configuration

1.1 Kerberos Overview

To create secure communication among its various components, HDP uses Kerberos. Kerberos is a third-party authentication mechanism, in which users and the services they wish to access rely on a third party - the Kerberos server - to authenticate each to the other. This mechanism also supports encrypting all traffic between the user and the service.

 

1.2 Installing and Configuring the KDC

1. To install a new version of the server:

[On RHEL or CentOS]

yum install krb5-server krb5-libs krb5-workstation

 

2. When the server is installed you must edit the two main configuration files, located by default here:

[On RHEL or CentOS]

/etc/krb5.conf


/var/kerberos/krb5kdc/kdc.conf.

You don't need to change the kdc.conf file.

Note: there is an access control list file named kdc.acl. You also don't need to change it. Just a reminder: any principal whose name includes /admin will have full privilege. For example: xxx/admin@EXAMPLE.COM

 

1.3 Creating the Database and Setting Up the First Administrator

1. Use the utility kdb5_util to create the Kerberos database.

 [on RHEL or CentOS]

/usr/sbin/kdb5_util create -s

Enter the password twice when prompted.

 

2. Create the first user principal. This must be done at a terminal window on the KDC machine itself, while you are logged in as root. Notice the .local. Normal kadmin usage requires that a principal with appropriate access already exist. The kadmin.local command can be used even if no principals exist.

/usr/sbin/kadmin.local -q "addprinc wenqin.ruan/admin"

 

3. Start Kerberos.

[on RHEL and CentOS]

/sbin/service krb5kdc start

/sbin/service kadmin start

 

1.4 Creating Service Principals and Keytab Files

1. Run kinit to obtain a ticket and store it in a credential cache file.

kinit wenqin.ruan/admin

2. Use klist to view the list of credentials in the cache.

klist

3. Use kadmin to enter the kadmin command line.

kadmin

4. Extract the related keytab file and place it in the keytab directory (by default /etc/krb5.keytab) of the respective components:

xst -k $keytab_file_name wenqin.ruan/admin

5. Verify that the correct keytab files and principals are associated with the correct service using the klist command. For example:

kinit -k -t /etc/krb5.keytab wenqin.ruan/admin

You will no longer need to enter a password, because kinit reads the key from the keytab.
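The keytab extracted above holds the key of an /admin principal and works in place of its password, so the file's ownership and mode deserve a check before it is used. The following is an added example, not part of the original post: check_keytab is a hypothetical helper name, and it assumes GNU stat as shipped on RHEL/CentOS and a root-owned keytab unless another owner is given.

```shell
#!/bin/sh
# Added example: audit the keytab written by "xst -k" before relying on it.
# check_keytab is a hypothetical helper; assumes GNU stat (RHEL/CentOS).

# Usage: check_keytab FILE [EXPECTED_OWNER]   (owner defaults to root)
# Prints one line per finding; returns 0 when the file passes, 1 otherwise.
check_keytab() {
    kt=$1
    want_owner=${2:-root}
    bad=0

    # A symlink or non-regular file means the path is not the file kadmin wrote.
    if [ -L "$kt" ] || [ ! -f "$kt" ]; then
        echo "FAIL: $kt is missing, a symlink, or not a regular file"
        return 1
    fi

    mode=$(stat -c '%a' "$kt")
    owner=$(stat -c '%U' "$kt")

    # The keytab replaces the password, so any group/other bit exposes the key.
    case $mode in
        *00|0) ;;
        *) echo "FAIL: mode $mode allows group/other access (use 600)"; bad=1 ;;
    esac

    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owner is $owner, expected $want_owner"
        bad=1
    fi

    # Informational: list /admin principals stored in the file when klist exists.
    if command -v klist >/dev/null 2>&1; then
        klist -k "$kt" 2>/dev/null | grep '/admin@' | while read -r kvno princ; do
            echo "WARN: keytab holds admin principal $princ (kvno $kvno)"
        done
    fi

    if [ "$bad" -eq 0 ]; then
        echo "OK: $kt (owner $owner, mode $mode)"
    fi
    return "$bad"
}

# Example call for the default path used in this post:
#   check_keytab /etc/krb5.keytab root
```

A FAIL on mode is fixed with chmod 600 on the keytab; the WARN line is informational and does not change the return code.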

 

Two related links:

http://docs.hortonworks.com/HDPDocuments/HDP1/HDP-1.3.0/bk_installing_manually_book/content/rpm-chap14-1-1.html

 

https://www.centos.org/docs/5/html/5.1/Deployment_Guide/s1-kerberos-server.html

 

Kerberos Client Configuration

You only need to install krb5-libs and krb5-workstation, and copy /etc/krb5.conf from the server host to the client host. The other operations are the same as above.

 

Splunk Hadoop Connect

  1. Log in to Splunk Enterprise web and select the Splunk Hadoop Connect configuration.
  2. Configure Splunk Hadoop Connect as below.

 

Click Save after filling in those fields.

 

3. Test whether the configuration works.


You will see the above. Then click Explore to test.
