Shulou(Shulou.com)06/01 Report--

Let's move on to the integration of Kerberos and Hadoop.

In fact, this topic is already very common on the Internet, nothing too new. By the way, the integration and management of Hadoop accounts.

Kdc and kadmin have been installed before, so next you need to create an hadoop-related account.

First of all, you need to enter kerberos to manage prompt with kadmin, where you need to enter the password of the admin account you created earlier.

And then you can create it, with? You can view the commands that are allowed. For example, we create the following account.

Addprinc-randkey hdfs/master.hadoop@HADOOP.COMxst-k hdfs.keytabaddprinc-randkey HTTP/master.hadoop@HADOOP.COMxst-k HTTP.keytab# generates two accounts and their keytab, then exits prompt and returns to shell. Entering ktutilrkt hdfs.keytabrkt HTTP.keytabwkt hdfs.keytab merges the original hdfs.keytab and HTTP.keytab into a new hdfs.keytab

First, create accounts related to hdfs, and finally, we need to create password-free keytab files for these accounts. In Hadoop, it is best to create a keytab for the same type of service. For example, hdfs and HTTP both belong to the HDFS service of hadoop. Therefore, we first create these two accounts and merge the information of these two accounts into one keytab.

And so on, you can create yarn/master.hadoop@HADOOP.COM,mapred/master.hadoop@HADOOP.COM,oozie, hive... Wait, the account number.

Then modify the hdfs-site.xml to add

Dfs.namenode.keytab.file hdfs.keytab dfs.namenode.kerberos.principal hdfs/_HOST@PG.COM dfs.namenode.kerberos.internal.spnego.principal HTTP/_HOST@PG.COM dfs.datanode.kerberos.principal hdfs/_HOST@PG.COM dfs.journalnode.kerberos.principal hdfs/_HOST@PG.COM dfs.journalnode.kerberos.internal.spnego.principal HTTP/_HOST@PG.COM dfs.cluster.administrators hdfs

By analogy, yarn/master.hadoop@HADOOP.COM 's keytab can be merged with HTTP's keytab, and mapred accounts can also be merged, of course, if you need to use spnego's http login authentication service, if you don't need spnego, you don't have to add a HTTP account. As for what spnego is, see the explanation.

Of course, the previous command to create an account and merge keytab, you can write a shell script to let him do it automatically.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.