Changes between Version 5 and Version 6 of kerberos
- Timestamp: 09/03/2012 02:54:08 PM (14 years ago)
kerberos
v5 v6 20 20 21 21 {{{ 22 [logging]22 logging] 23 23 default = FILE:/var/log/krb5libs.log 24 24 kdc = FILE:/var/log/krb5kdc.log … … 26 26 27 27 [libdefaults] 28 default_realm = PCONLINE28 default_realm = LOCALDOMAIN 29 29 dns_lookup_realm = false 30 30 dns_lookup_kdc = false … … 33 33 34 34 [realms] 35 PCONLINE= {35 LOCALDOMAIN = { 36 36 kdc = hadooptest-11-63.pconline.ctc:88 37 37 admin_server = hadooptest-11-63.pconline.ctc:749 38 default_domain = pconline.ctc39 }38 default_domain = localdomain 39 } 40 40 41 41 [domain_realm] 42 . pconline.ctc = PCONLINE43 pconline.ctc = PCONLINE42 .localdomain = LOCALDOMAIN 43 localdomain = LOCALDOMAIN 44 44 45 45 [appdefaults] … … 63 63 64 64 [realms] 65 PCONLINE= {65 LOCALDOMAIN = { 66 66 acl_file = /usr/local/var/krb5kdc/kadm5.acl 67 67 dict_file = /usr/share/dict/words … … 79 79 80 80 {{{ 81 # /usr/local/sbin/kdb5_util create -r PCONLINE-s[[BR]]81 # /usr/local/sbin/kdb5_util create -r LOCALDOMAIN -s[[BR]] 82 82 }}} 83 83 84 84 4.在/usr/local/var/krb5kdc/目录下新建kadm5.acl文件,内容如下: 85 85 86 */admin@ HADOOP.LOCALDOMAIN *86 */admin@LOCALDOMAIN * 87 87 88 88 … … 90 90 91 91 # /usr/local/sbin/kadmin.local[[BR]] 92 Enter password forprincipal "admin/admin@ PCONLINE":[[BR]]93 kadmin.local: addprinc admin/admin@ PCONLINE[[BR]]94 Re-enter password forprincipal "admin/admin@ PCONLINE":[[BR]]95 Principal "admin/admin@ PCONLINE"created.[[BR]]92 Enter password forprincipal "admin/admin@LOCALDOMAIN":[[BR]] 93 kadmin.local: addprinc admin/admin@LOCALDOMAIN[[BR]] 94 Re-enter password forprincipal "admin/admin@LOCALDOMAIN":[[BR]] 95 Principal "admin/admin@LOCALDOMAIN"created.[[BR]] 96 96 生成admin keytab文件:[[BR]] 97 97 … … 111 111 112 112 # /usr/local/sbin/kadmin.local[[BR]] 113 Enter password forprincipal "hadoop/admin@ PCOLINE":[[BR]]114 kadmin.local: addprinc hadoop/admin@ PCOLINE[[BR]]115 Re-enter password forprincipal "hadoop/admin@ PCOLINE":[[BR]]116 Principal "hadoop/admin@ PCOLINE"created.[[BR]]113 Enter password forprincipal 
"hadoop/admin@LOCALDOMAIN":[[BR]] 114 kadmin.local: addprinc hadoop/admin@LOCALDOMAIN[[BR]] 115 Re-enter password forprincipal "hadoop/admin@LOCALDOMAIN":[[BR]] 116 Principal "hadoop/admin@LOCALDOMAIN"created.[[BR]] 117 117 118 118 … … 120 120 121 121 /usr/local/bin/kadmin[[BR]] 122 addprinc -randkey host/hadooptest-11-64@PCONLINE[[BR]]123 addprinc -randkey hadoop/hadooptest-11-64@PCONLINE[[BR]]124 addprinc -randkey hadoop/hadooptest-11-64.pconline.ctc@PCONLINE[[BR]]125 不知道为什么要两个,可能是没有DNS的原因,每台机器都要配126 122 127 ktadd -k /data/hadoop-1.0.3/conf/hadoop.keytab hadoop/hadooptest-11-64.pconline.ctc@PCONLINE host/hadooptest-11-64.pconline.ctc@PCONLINE hadoop/hadooptest-11-64@PCONLINE 123 addprinc -randkey host/hadooptest-11-64.pconline.ctc@LOCALDOMAIN[[BR]] 124 addprinc -randkey hadoop/hadooptest-11-64.pconline.ctc@LOCALDOMAIN[[BR]] 125 126 ''这里遇到一个问题,我们的hadoop core-site.xml使用的短名 hadooptest-11-64,要改为长名 hadooptest-11-64.pconline.ctc,不然kerberos里面会认为不同的实体[[BR]]'' 127 128 129 ktadd -k /data/hadoop-1.0.3/conf/hadoop.keytab hadoop/hadooptest-11-64.pconline.ctc@LOCALDOMAIN host/hadooptest-11-64.pconline.ctc@LOCALDOMAIN 130 131 10 修改配置文件,这些是固定的,网上很多地方有说, _HOST类似宏定义,有些地方读配置,有些地方读本机的长名[[BR]] 128 132 129 133