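1. Create users on the KDC
1.1 Create a principal with a random key: authentication uses a keytab file
# kadmin -p admin/admin@CCTEST.DEV
kadmin: addprinc -randkey cctest@CCTEST.DEV // create the cctest user
kadmin: xst -k cctest-unmerged.keytab cctest@CCTEST.DEV // generate the keytab file for cctest
1.2 Create a principal with a specified key: supports authentication by entering a password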
kadmin: addprinc aatest@CCTEST.DEV
WARNING: no policy specified for aatest@CCTEST.DEV; defaulting to no policy
Enter password for principal "aatest@CCTEST.DEV":
Re-enter password for principal "aatest@CCTEST.DEV":
Principal "aatest@CCTEST.DEV" created.
1.3 List users
kadmin: listprincs
aatest@CCTEST.DEV
bbtest@CCTEST.DEV
cctest@CCTEST.DEV
1.4 Generate the keytab file
# ktutil
ktutil: rkt aatest-unmerged.keytab // add the keytab file to the list
ktutil: wkt aatest.keytab // merge the list and write the keytab file
# klist -kt cctest.keytab
Keytab name: FILE:cctest.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
4 04/28/2019 11:27:15 aatest@CCTEST.DEV
4 04/28/2019 11:27:15 aatest@CCTEST.DEV
4 04/28/2019 11:27:15 aatest@CCTEST.DEV
4 04/28/2019 11:27:15 aatest@CCTEST.DEV
4 04/28/2019 11:27:15 aatest@CCTEST.DEV
4 04/28/2019 11:27:15 aatest@CCTEST.DEV
4 04/28/2019 11:27:15 aatest@CCTEST.DEV
4 04/28/2019 11:27:15 aatest@CCTEST.DEV
Note: the keytab file is generated in the current user's home directory.
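A check to run before distributing a keytab like the one listed above, as an added example that is not part of the original page: it parses `klist -kt` output to confirm that every entry belongs to the expected principal and shares a single KVNO, and verifies that the file is accessible only by its owner. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Reads `klist -kt <keytab>` output on stdin; $1 is the principal the keytab should hold.
# Returns 0 = clean, 1 = unexpected principal, 2 = mixed KVNOs, 3 = no entries.
audit_keytab_listing() {
    awk -v want="$1" '
        # Entry lines start with a numeric KVNO; header and separator lines do not.
        $1 ~ /^[0-9]+$/ {
            n++
            if ($NF != want) bad = 1
            if (!($1 in seen)) { seen[$1] = 1; kvnos++ }
        }
        END {
            if (n == 0) exit 3      # empty or unreadable listing
            if (bad) exit 1         # a key for some other principal is present
            if (kvnos > 1) exit 2   # stale key versions were merged in
            exit 0
        }'
}

# Returns 0 only if the file exists and has no group/other permission bits set.
keytab_mode_ok() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the ls mode string are the group and other bits.
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample in the format of the klist -kt output shown above.
SAMPLE='Keytab name: FILE:aatest.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   4 04/28/2019 11:27:15 aatest@CCTEST.DEV
   4 04/28/2019 11:27:15 aatest@CCTEST.DEV'

printf '%s\n' "$SAMPLE" | audit_keytab_listing aatest@CCTEST.DEV && echo "listing OK"
```

In practice, pipe the real `klist -kt aatest.keytab` output into `audit_keytab_listing` and run `keytab_mode_ok` on the file (for example after `chmod 600`) before copying it to a client host.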
2. Grant permissions in HBase
Authenticate as the HBase superuser:
# kinit -kt /etc/security/keytabs/hbase.headless.keytab hbase-cchdp@CCTEST.DEV
# hbase shell
hbase(main):003:0> grant 'aatest','RWXCA' // grant the user the R, W, X, C and A permissions
Took 0.2068 seconds
3. Log in to HBase
# kinit -kt aatest.keytab aatest@CCTEST.DEV
hbase(main):005:0> whoami
aatest@CCTEST.DEV (auth:KERBEROS)
Took 0.0096 seconds