Enabling Kerberos on CDH

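Copyright notice: this is an original article by the blogger and may not be reproduced without the blogger's permission. https://blog.csdn.net/tom_fans/article/details/89165540

Reference, official documentation: https://www.cloudera.com/documentation/enterprise/5-10-x/topics/cm_sg_authentication.html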

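Before enabling Kerberos, a few prerequisites must be completed:

1. All CDH hosts need the KDC client packages installed: krb5-workstation, krb5-libs

2. JCE Policy: see the official documentation: https://www.cloudera.com/documentation/enterprise/5-10-x/topics/cm_sg_s2_jce_policy.html

  If you do not use AES256 encryption, you do not need to worry about the JCE policy.

3. Create an administrative user in the KDC. This user is mainly used to add users for the individual components.

4. krb5.conf needs these settings: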

max_life = 1d  
max_renewable_life = 7d
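
A preflight check for prerequisites 1 and 4 above, as an added example that is not from the original post or from Cloudera: it lists missing client packages and verifies the two lifetime settings. The function names, the sample realm EXAMPLE.COM, and the non-zero and renewable-not-shorter-than-lifetime checks are assumptions of this example; pass it the path of the file where you set the values.

```shell
# Convert a single-suffix duration (1d, 24h, 30m, 45s, 3600) to seconds; fail otherwise.
duration_to_seconds() (
    n=${1%[dhms]}
    case $n in ''|*[!0-9]*) exit 1 ;; esac
    case $1 in
        *d) echo $((n * 86400)) ;;
        *h) echo $((n * 3600)) ;;
        *m) echo $((n * 60)) ;;
        *)  echo "$n" ;;
    esac
)

# Print the value of the last uncommented "KEY = value" line ($1 = file, $2 = key).
get_setting() (
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
)

# Succeed only if both lifetimes are set, non-zero, and renewable >= lifetime.
check_lifetimes() (
    life=$(duration_to_seconds "$(get_setting "$1" max_life)") ||
        { echo "max_life missing or unparsable"; exit 1; }
    renew=$(duration_to_seconds "$(get_setting "$1" max_renewable_life)") ||
        { echo "max_renewable_life missing or unparsable"; exit 1; }
    [ "$life" -gt 0 ] || { echo "max_life is zero"; exit 1; }
    [ "$renew" -gt 0 ] || { echo "max_renewable_life is zero"; exit 1; }
    [ "$renew" -ge "$life" ] || { echo "max_renewable_life is shorter than max_life"; exit 1; }
    echo "ok: max_life=${life}s max_renewable_life=${renew}s"
)

# Print each step-1 client package rpm does not report as installed (assumes an RPM host).
missing_packages() (
    for p in krb5-workstation krb5-libs; do
        rpm -q "$p" >/dev/null 2>&1 || echo "$p"
    done
)

# Constructed sample config: lifetimes from the page, realm name is a placeholder.
sample_config() {
    cat <<'EOF'
[realms]
 EXAMPLE.COM = {
  # max_life = 0
  max_life = 1d
  max_renewable_life = 7d
 }
EOF
}

# Usage: sh preflight.sh /path/to/config
if [ $# -ge 1 ]; then missing_packages; check_lifetimes "$1"; fi
```
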

kadmin.local:  list_principals
HTTP/[email protected]
HTTP/[email protected]
HTTP/[email protected]
HTTP/[email protected]
K/[email protected]
admin/[email protected]
hbase/[email protected]
hbase/[email protected]
hbase/[email protected]
hbase/[email protected]
hdfs/[email protected]
hdfs/[email protected]
hdfs/[email protected]
hdfs/[email protected]
hive/[email protected]
hue/[email protected]
hue/[email protected]
impala/[email protected]
impala/[email protected]
impala/[email protected]
impala/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kadmin/[email protected]
kafka/[email protected]
kafka/[email protected]
kafka/[email protected]
kafka/[email protected]
krbtgt/[email protected]
mapred/[email protected]
oozie/[email protected]
sentry/[email protected]
solr/[email protected]
solr/[email protected]
solr/[email protected]
solr/[email protected]
yarn/[email protected]
yarn/[email protected]
yarn/[email protected]
yarn/[email protected]
zookeeper/[email protected]
zookeeper/[email protected]
zookeeper/[email protected]
