Kerberos
1, jsvc
# cd ~/软# wget http://mirror.bit.edu.cn/apache/commons/daemon/source/commons-daemon-1.0.15-native-src.tar.gz
#沥青zxfcommons-daemon-1.0.15-native-src.tar。广州
# cd commons-daemon-1.0.15-native-src/unix;。/配置;使
# cp jsvc/usr/local/hadoop-2.4.0/libexec/
# cd ~/软
# wgethttp://mirror.bit.edu.cn/apache//commons/daemon/binaries/commons-daemon-1.0.15-bin.tar.gz
#焦油zxf commons-daemon-1.0.15-bin.tar。广州
# cpcommons-daemon-1.0.15/commons-daemon-1.0.15.jar/usr/地方/hadoop-2.4.0/分享/hadoop/hdfs/lib/
# cpcommons-daemon-1.0.15/commons-daemon-1.0.15.jar/usr/地方/hadoop-2.4.0/分享/hadoop/httpfs/tomcat/webapps/webhdfs/web - inf/lib/
# rm - f/usr/local/hadoop-2.4.0/分享/hadoop/hdfs/lib/commons-daemon-1.0.13。jar
# rm - f/usr/地方/hadoop-2.4.0/分享/hadoop/httpfs/tomcat webapps/webhdfs/web - inf/lib/commons-daemon-1.0.13。jar
# # vim/usr/地方/hadoop-2.4.0/etc/hadoop/hadoop-env.sh
,,,,,,,,,,,,,,,,,,exportJSVC_HOME=/usr/地方/hadoop-2.4.0/libexec/
2256
# wget-c http://download.oracle.com/otn-pub/java/jce/7/UnlimitedJCEPolicyJDK7.zip?AuthParam=1400207941 _ee158c414c707a057960c521a7b29866
# unzipUnlimitedJCEPolicyJDK7。zip
# cp UnlimitedJCEPolicy/* . jar/usr/java/jdk1.7.0_65/jre/lib/安全/
cp/usr/java/jdk1.7.0_51/jre/lib/安全/local_policy。jar“y”
cp/usr/java/jdk1.7.0_51/jre/lib/安全/US_export_policy。jar“y
3 kdc
kdc服务器
# yum - y安装krb5 krb5 . conf \ *
[记录]
,默认=文件:/var/log/krb5libs.log
, kdc=文件:/var/log/krb5kdc.log
, admin_server=文件:/var/log/kadmind.log
[libdefaults]
, default_realm=cc.cn
, dns_lookup_realm=false
, dns_lookup_kdc=false
, ticket_lifetime=365 d
, renew_lifetime=365 d
,可=true
(领域),cc.cn={
,, kdc=test3
, admin_server=test3
,}
(kdc),概要=/var/kerberos/krb5kdc/kdc.conf
kdc。参看
# vim/var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
, kdc_ports=88
, kdc_tcp_ports=88
(领域),cc.cn={
, # master_key_type=aes256-cts
, acl_file=/var/kerberos/krb5kdc/kadm5.acl
, dict_file=/usr/share/dict/words
, admin_keytab=/var/kerberos/krb5kdc/kadm5.keytab
, supported_enctypes=aes256-cts:普通aes128-cts: normaldes3-hmac-sha1:普通arcfour-hmac:普通des-hmac-sha1: normaldes-cbc-md5:普通des-cbc-crc:正常
,}
kadm5。acl # vim/var/kerberos/krb5kdc/kadm5.acl
*/admin@cc.cn *
# kdb5_util创建cc.cn - r - s
输入KDC数据库主密钥:
#服务krb5kdc启动
#服务kadmin开始
# chkconfig krb5kdc
# chkconfig kadmin
# kadmin.local
kadmin.local:,addprinc根/admin
为主要输入密码“根/admin@cc.cn”:
HadoopKerberos
1
# yum - y安装krb5 \ *
# scp test3:/etc/krb5。参看/etc/
# kadmin - p根/admin
kadmin:, addprinc -randkey根/test1
kadmin:, addprinc -randkey HTTP/test1
kadmin: ktadd - k/hadoop/krb5。keytab根/test1 HTTP/test1
# yum - y安装krb5 \ *
# scp test3:/etc/krb5。参看/etc/
# kadmin - p根/admin
kadmin:, addprinc -randkey根/test2
kadmin:, addprinc -randkey HTTP/test2
kadmin: ktadd - k/hadoop/krb5。keytab根/test2 HTTP/test2
# kadmin.local
kadmin.local:,,addprinc -randkey根/test3
kadmin.lcoal:,,addprinc -randkey HTTP/test3
kadmin.local:,,ktadd - k/hadoop/krb5。keytab根/test3 HTTP/test3
2
核心位点。xml
# vim/usr/地方/hadoop-2.4.0/etc/hadoop/core-site.xml
& lt; property>
,,,,,,, & lt; name> hadoop.security.authentication
,,,,,,, & lt; value> kerberos
& lt;/property>
& lt; property>
,,,,,,, & lt; name> hadoop.security.authorization
,,,,,,, & lt; value> true
& lt;/property>