演示环境
Centos7.4
Ambari-2.6.2.0
使用指南
PS: 以下用 # 号注释标出的都是修改的内容。krb5.conf 和 kdc.conf 只把以 # 或 ; 开头的整行视为注释，因此这些说明不能留在配置值的同一行末尾，否则会被当成值的一部分。
在 Server 机子上安装 Kerberos
# Install the KDC server, the Kerberos libraries and the client tools without prompting.
yum -y install krb5-server krb5-libs krb5-workstation
修改主配置 krb5.conf 文件
cat /etc/krb5.conf
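# Client-side Kerberos settings (/etc/krb5.conf) for the FLINK.COM realm.
# MIT krb5 only ignores lines that start with '#' or ';', so the "modified"
# annotations are kept on their own lines instead of after a value.
[libdefaults]
renew_lifetime = 7d
forwardable = true
# Modified: realm name used for this cluster.
default_realm = FLINK.COM
ticket_lifetime = 24h
# Realm and KDC are taken from the [realms] section below, not looked up in DNS.
dns_lookup_realm = false
dns_lookup_kdc = false
default_ccache_name = /tmp/krb5cc_%{uid}
[logging]
default = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
kdc = FILE:/var/log/krb5kdc.log
[realms]
FLINK.COM = {
# Modified: IP address or hostname of the kadmin server.
admin_server = 10.3.111.0
# Modified: IP address or hostname of the KDC.
kdc = 10.3.111.0
}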
编辑 Kdc 文件 kdc.conf
cat /var/kerberos/krb5kdc/kdc.conf
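# KDC settings (/var/kerberos/krb5kdc/kdc.conf) for the FLINK.COM realm.
# Annotations are on their own lines: a '#' after a value is not a comment here.
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
# Modified: realm name, matching default_realm in /etc/krb5.conf.
FLINK.COM = {
#master_key_type = aes256-cts
# kadm5.acl decides which principals may administer the database through kadmin.
acl_file = /var/kerberos/krb5kdc/kadm5.acl
dict_file = /usr/share/dict/words
admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
# NOTE(review): this list still offers single-DES (des-hmac-sha1, des-cbc-md5,
# des-cbc-crc), RC4 (arcfour-hmac) and 3DES (des3-hmac-sha1) keys, which are
# deprecated for Kerberos (RFC 6649, RFC 8429). Consider keeping only the aes*
# and camellia* entries once you have confirmed that no client, and none of the
# encryption types selected in the Ambari Kerberos wizard, needs the legacy ones.
supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}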
编辑 acl 文件 kadm5.acl
cat /var/kerberos/krb5kdc/kadm5.acl
# Any principal with the "admin" instance in FLINK.COM (for example admin/admin)
# is granted every kadmin privilege by the trailing "*".
# NOTE(review): this is the broadest possible grant; list individual principals
# or narrower permission letters if not every */admin identity needs full control.
*/admin@FLINK.COM *
创建数据库
1.输入密码
2.输入确认密码
[root@storm1 ~]# kdb5_util create -s -r FLINK.COM
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'FLINK.COM',
master key name 'K/M@FLINK.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
创建管理员
1:输入两次上面的确认密码（这里设置的是 admin/admin 主体自己的密码；生产环境建议不要与数据库主密钥共用同一个密码）
2:输入 exit 退出
[root@storm1 ~]# kadmin.local
Authenticating as principal root/admin@FLINK.COM with password.
kadmin.local: addprinc admin/admin@FLINK.COM
WARNING: no policy specified for admin/admin@FLINK.COM; defaulting to no policy
Enter password for principal "admin/admin@FLINK.COM":
Re-enter password for principal "admin/admin@FLINK.COM":
Principal "admin/admin@FLINK.COM" created.
kadmin.local: exit
重启服务
# Restart the KDC and then the admin daemon so both load the new configuration.
for svc in krb5kdc kadmin; do
  systemctl restart "$svc"
done
Ambari操作
打开启动Kerberos
勾选Kerberos
配置
测试配置正确
自定义配置
停止服务
安装Kerberize集群
验证完成