In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-26 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Internet Technology >
Share
Shulou(Shulou.com)06/03 Report--
Primary node installation
Yum-y install krb5-server krb5-libs krb5-auth-dialog krb5-workstation
Cat / etc/krb5.conf
Configuration snippets may be placed in this directory as wellincludedir / etc/krb5.conf.d/ [logging] default = FILE:/var/log/krb5libs.log kdc = FILE:/var/log/krb5kdc.log admin_server = FILE:/var/log/kadmind.log [libdefaults] default_realm = HADOOP.COM dns_lookup_realm = false dns_lookup_kdc = false ticket_lifetime = 24 h renew_lifetime = 7d forwardable = true rdns = false# default_realm = EXAMPLE.COM# default_ccache_name = KEYRING:persistent:% {uid} [realms] HADOOP.COM = {kdc = bigdata-cdh01.kfk.com admin_server = bigdata-cdh01.kfk.com} [domain_realm] .bigdata-cdh01.kfk.com = HADOOP.COM bigdata-cdh01.kfk.com = HADOOP.COM
Cat / var/kerberos/krb5kdc/kadm5.acl
* / admin@HADOOP.COM *
Cat / var/kerberos/krb5kdc/kdc.conf
[kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 [realms] HADOOP.COM = {# master_key_type = aes256-cts max_renewable_life= 7d 0h 0ms acl_file = / var/kerberos/krb5kdc/kadm5.acl dict_file = / usr/share/dict/words admin_keytab = / var/kerberos/krb5kdc/kadm5.keytab supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des -hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal}
Create a kerberos database
Kdb5_util create-r HADOOP.COM-s
Create a kerberos management account
Add the kerberos service as boot
Systemctl enable krb5kdcsystemctl enable kadminsystemctl start krb5kdcsystemctl start kadmin
Test administrator account
Install the client for the node
Yum-y install krb5-libs krb5-auth-dialog krb5-workstation
Install additional packages on the primary node
Yum-y install openldap-clients
Copy krb5.conf files to all kerberos clients (bulk copies)
#! / bin/bashfor I in `cat node.list`do scp-r $2$ i:$3donesh scp.sh node.list / etc/krb5.conf / etc/
Start kerberos
Enable kerberos for kafka
Some commands of krb5
List account kadmin.local-Q "listprincs" Delete account kadmin.local-Q 'delete_principal hdfs/bigdata-cdh01.kfk.com@HADOOP.COM' create account specified password kadmin.local-Q "addprinc hdfs/bigdata-cdh01.kfk.com@bd00@HADOOP.COM" randomly generate password kadmin.local-Q "addprinc-randkey hdfs/bigdata-cdh01.kfk.com@HADOOP.COM" Export ticket Kadmin.local-Q "xst-k hdfs.keytab hdfs/bigdata-cdh01.kfk.com@HADOOP.COM" login to kinit-k-t hdfs.keytab hdfs/bigdata-cdh01.kfk.com@HADOOP.COM to view expiration time kadmin.local-Q 'getprinc krbtgt/HADOOP.COM@HADOOP.COM' modification time kadmin.local-Q' modprinc-maxrenewlife "7d" krbtgt/HADOOP.COM@HADOOP.COM' view Keytab content klist-e-k-t zookeeper.keytab does not change the password export kadmin.local-Q 'xst-k hdfs.keytab-norandkey hdfs/bigdata-cdh01.kfk.com@HADOOP.COM' exit login kdestroy
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.
12
Report
