Shulou(Shulou.com)06/03 Report--

I. preparatory stage

1. Download jce and extract it

Jce download address: http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

[root@manager] # lsjce_policy-8.zip [root@manager] # unzip-o-j-Q jce_policy-8.zip-d / usr/local/jdk/jre/lib/security/

two。 Install krb5

[root@manager ~] # yum install-y krb5-libs krb5-workstation

3. Modify the configuration file

[root@manager ~] # cat / etc/krb5.conf# Configuration snippets may be placed in this directory as wellincludedir / etc/krb5.conf.d/ [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] dns_lookup_realm = false ticket_lifetime = 24 h renew_lifetime = 7d forwardable = true rdns = false default_realm = KRB.COM # modified to authentication domain default_ccache_name = KEYRING:persistent:% {uid} [realms] KRB.COM = {kdc = 192.168.10.131 # KDC address admin_server = 192.168.10.131 # kadmin service address} [domain_realm]

# the above needs to be configured on both the server and the client. You can use scp copy after the server has been configured.

4. Install krb5-server on the server

[root@manager ~] # yum install-y krb5-server

5. Modify the configuration file on the server

[root@manager ~] # cat / var/kerberos/krb5kdc/kdc.conf [kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 [realms] KRB.COM = {# master_key_type = aes256-cts acl_file = / var/kerberos/krb5kdc/kadm5.acl dict_file = / usr/share/dict/words admin_keytab = / var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256- Cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal} II. Configuration stage

1. Create a kerberos database

[root@manager ~] # kdb5_util create-s-r KRB.COMLoading random dataInitializing database'/ var/kerberos/krb5kdc/principal' for realm 'KRB.COM',master key name' K/M@KRB.COM'You will be prompted for the database Master Password.It is important that you NOT FORGET this password.Enter KDC database master key: Re-enter KDC database master key to verify:

two。 Create an administrator

[root@manager] # kadmin.local-Q "addprinc admin/admin" Authenticating as principal root/admin@KRB.COM with password.WARNING: no policy specified for admin/admin@KRB.COM; defaulting to no policyEnter password for principal "admin/admin@KRB.COM": Re-enter password for principal "admin/admin@KRB.COM": Principal "admin/admin@KRB.COM" created.

3. Add acl permissions to the administrator account

[root@manager] # cat / var/kerberos/krb5kdc/kadm5.acl * / admin@KRB.COM *

4. Start the service and set up boot

[root@manager ~] # systemctl start krb5kdc [root@manager ~] # systemctl start kadmin [root@manager ~] # systemctl enable krb5kdc [root@manager ~] # systemctl enable kadmin

5. Test the connection on the client side

[root@vm1 ~] # kadmin-p admin/adminAuthenticating as principal admin/admin with password.Password for admin/admin@KRB.COM: kadmin: listprincs K/M@KRB.COMadmin/admin@KRB.COMkadmin/admin@KRB.COMkadmin/changepw@KRB.COMkadmin/manager@KRB.COMkiprop/manager@KRB.COMkrbtgt/KRB.COM@KRB.COMkadmin: quit

6. Restart ambari-server

[root@manager ~] # ambari-server restart III. Add kerberos to Ambari

1. Turn on Kerberos

two。 Select MIT

3. Enter information about KDC and Kadmin

4. Installation and testing

5. Profile Settin

6. Waiting to stop other services

7. Add completed

8. Waiting for the service to be enabled

9. Complete

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.