Shulou(Shulou.com)06/01 Report--

This article mainly introduces how to install kerberos under centos7. It is very detailed and has a certain reference value. Friends who are interested must finish it!

Install Kerberos

Install kerberos under centos7

Yum install kerberos

Yum install krb5-libs krb5-server krb5-workstation

Configure hosts

FQDN needs to be configured as follows:

Vim / etc/hosts10.2.1.23 ambari-ttt-master

Configure krb5

Vim / etc/krb5.conf [libdefaults] renew_lifetime = 7d forwardable = true default_realm = [EXAM.CN] ticket_lifetime = 24h dns_lookup_realm = false dns_lookup_kdc = false default_ccache_name = / tmp/krb5cc_% {uid} # default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 # default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5 [logging] default = FILE:/var/log/krb5kdc.log admin _ server = FILE:/var/log/kadmind.log kdc = FILE:/var/log/krb5kdc.log [realms] [EXAM.CN] = {admin_server = [ambari-ttt-master] kdc = [ambari-ttt-master]}

[EXAM.CN]: domain name. You can have a semantic name at will, preferably in uppercase

[ambari-ttt-master]: the host name of the FQDN configured in the previous article

If an error occurs during startup, please check the output log content information under logging to help you quickly locate the problem

Configure kdc information in krb

Vim / var/kerberos/krb5kdc/kdc.conf [kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 [realms] [EXAM.CN] = {# master_key_type = aes256-cts acl_file = / var/kerberos/krb5kdc/kadm5.acl dict_file = / usr/share/dict/words admin_keytab = / var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128 -cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal} vim / var/kerberos/krb5kdc/kadm5.acl*/admin@ [EXAM.CN] *

[EXAM.CN]: is the name of the domain in the previous article

[EXAM.CN] in the kadm5.acl file: is the name of the domain in the previous article

Create a kerberos database

The first choice is to check whether ll / var/kerberos/krb5kdc/ has a kadm5.acl,kdc.conf file. The creation command is as follows:

Kdb5_util create-r EXAM.COM-s

You only need to enter the password, which cannot be lost, otherwise it needs to be re-created. After creation, there will be several more files in the ll / var/kerberos/krb5kdc/ directory to principal,principal.kadm5,principal.kadm5.lock,principal.ok respectively.

Create an administrator

Kadmin.local-Q "addprinc admin/admin" where admin/admin is the user name. You need to enter the password when creating it, and you need to save the password. You can use kadmin.local to enter listprincs to check whether the user has created it successfully.

Start the service

Systemctl start krb5kdc

Systemctl start kadmin

Question list

Failed to start krb5kdc. Check the / var/log/krb5kdc.log file and report the following information:

Algorithm AES256 not enabled

After passing google, I found that because of the encryption problem under jre, I need to download and replace it again. Http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html can download it according to the version of jdk installed by myself.

Cp * .jar / usr/java/jdk1.8.0_112/jre/lib/security/

Restart ambari after the replacement is completed

The above is all the contents of the article "how to install kerberos under centos7". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.