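Quickly Setting Up a Kerberos Server and Getting Started
Author: Yin Zhengjie (尹正杰)
Copyright notice: this is an original work and may not be reproduced; violators will be held legally liable.
Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. A free implementation of the protocol is available from MIT. Kerberos is also available in many commercial products.
Although there are many configuration parameters and settings, configuring a Kerberos-managed Hadoop cluster is fairly straightforward. As long as you clearly understand the Kerberos concepts introduced in the earlier sections, you can use Kerberos to protect a cluster with confidence.
In short, Kerberos is a solution to your network security problems. It provides authentication and strong cryptography over the network to help you protect the information systems of your entire enterprise. The official Kerberos site: http://web.mit.edu/kerberos/.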
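I. Setting up the Kerberos server (node101.yinzhengjie.org.cn)
Recommended reading from the author:
Kerberos release page: https://kerberos.org/dist/index.html
Official Kerberos documentation: http://web.mit.edu/kerberos/krb5-1.17/doc/index.html
Oracle's Kerberos documentation: https://docs.oracle.com/cd/E26926_01/html/E25889/intro-1.html#scrolltoc
The latest version of Kerberos can be downloaded from the MIT website; it was released on 2019-01-08 as krb5-1.17.tar.gz. After downloading and unpacking it, you can build and install it from source. For convenience we install it directly with yum here, in a single step, keeping things as simple as possible.
To configure Kerberos authentication, Kerberos must first be installed and configured. This must be completed before the Hadoop cluster configuration is adjusted to use Kerberos.
First install the Kerberos software, which means installing the KDC on one cluster node. Then install the Kerberos client on all cluster nodes.
Configuring Kerberos means configuring every aspect of KDC administration, ticket lifetimes and so on. During this process you can create realms, users and service principals, and begin adjusting the cluster configuration for Kerberos authentication.
The steps for installing Kerberos on the master node are as follows:
1>. Install the KDC server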
[root@node101.yinzhengjie.org.cn ~]# yum -y install krb5-server krb5-lib krb5-workstation
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
base | 3.6 kB 00:00:00
extras | 3.4 kB 00:00:00
mysql-connectors-community | 2.5 kB 00:00:00
mysql-tools-community | 2.5 kB 00:00:00
mysql56-community | 2.5 kB 00:00:00
updates | 3.4 kB 00:00:00
zabbix | 2.9 kB 00:00:00
zabbix-non-supported | 951 B 00:00:00
mysql-connectors-community/x86_64/primary_db | 41 kB 00:00:00
No package krb5-lib available.
Resolving Dependencies
--> Running transaction check
---> Package krb5-server.x86_64 0:1.15.1-37.el7_6 will be installed
--> Processing Dependency: libkadm5(x86-64) = 1.15.1-37.el7_6 for package: krb5-server-1.15.1-37.el7_6.x86_64
--> Processing Dependency: krb5-libs(x86-64) = 1.15.1-37.el7_6 for package: krb5-server-1.15.1-37.el7_6.x86_64
--> Processing Dependency: libverto-module-base for package: krb5-server-1.15.1-37.el7_6.x86_64
--> Processing Dependency: libkadm5srv_mit.so.11(kadm5srv_mit_11_MIT)(64bit) for package: krb5-server-1.15.1-37.el7_6.x86_64
--> Processing Dependency: libkadm5clnt_mit.so.11(kadm5clnt_mit_11_MIT)(64bit) for package: krb5-server-1.15.1-37.el7_6.x86_64
--> Processing Dependency: /usr/share/dict/words for package: krb5-server-1.15.1-37.el7_6.x86_64
mysql-connectors-community/x86_64/filelists_db | 54 kB 00:00:00
mysql-tools-community/x86_64/filelists_db | 158 kB 00:00:00
mysql56-community/x86_64/filelists_db | 732 kB 00:00:01
zabbix/x86_64/filelists_db | 46 kB 00:00:00
zabbix-non-supported/x86_64/filelists | 660 B 00:00:00
--> Processing Dependency: libkadm5srv_mit.so.11()(64bit) for package: krb5-server-1.15.1-37.el7_6.x86_64
--> Processing Dependency: libkadm5clnt_mit.so.11()(64bit) for package: krb5-server-1.15.1-37.el7_6.x86_64
---> Package krb5-workstation.x86_64 0:1.15.1-37.el7_6 will be installed
--> Running transaction check
---> Package krb5-libs.x86_64 0:1.15.1-34.el7 will be updated
---> Package krb5-libs.x86_64 0:1.15.1-37.el7_6 will be an update
---> Package libkadm5.x86_64 0:1.15.1-37.el7_6 will be installed
---> Package libverto-libevent.x86_64 0:0.2.5-4.el7 will be installed
---> Package words.noarch 0:3.0-22.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================================
 Package Arch Version Repository Size
============================================================================================================================================================================================
Installing:
 krb5-server x86_64 1.15.1-37.el7_6 updates 1.0 M
 krb5-workstation x86_64 1.15.1-37.el7_6 updates 816 k
Installing for dependencies:
 libkadm5 x86_64 1.15.1-37.el7_6 updates 178 k
 libverto-libevent x86_64 0.2.5-4.el7 base 8.9 k
 words noarch 3.0-22.el7 base 1.4 M
Updating for dependencies:
 krb5-libs x86_64 1.15.1-37.el7_6 updates 803 k

Transaction Summary
============================================================================================================================================================================================
Install 2 Packages (+3 Dependent packages)
Upgrade ( 1 Dependent package)

Total download size: 4.2 M
Downloading packages:
Delta RPMs disabled because /usr/bin/applydeltarpm not installed.
(1/6): krb5-libs-1.15.1-37.el7_6.x86_64.rpm | 803 kB 00:00:00
(2/6): krb5-server-1.15.1-37.el7_6.x86_64.rpm | 1.0 MB 00:00:01
(3/6): libkadm5-1.15.1-37.el7_6.x86_64.rpm | 178 kB 00:00:00
(4/6): krb5-workstation-1.15.1-37.el7_6.x86_64.rpm | 816 kB 00:00:00
(5/6): libverto-libevent-0.2.5-4.el7.x86_64.rpm | 8.9 kB 00:00:00
(6/6): words-3.0-22.el7.noarch.rpm | 1.4 MB 00:00:00
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 2.4 MB/s | 4.2 MB 00:00:01
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
 Updating : krb5-libs-1.15.1-37.el7_6.x86_64 1/7
 Installing : libkadm5-1.15.1-37.el7_6.x86_64 2/7
 Installing : words-3.0-22.el7.noarch 3/7
 Installing : libverto-libevent-0.2.5-4.el7.x86_64 4/7
 Installing : krb5-server-1.15.1-37.el7_6.x86_64 5/7
 Installing : krb5-workstation-1.15.1-37.el7_6.x86_64 6/7
 Cleanup : krb5-libs-1.15.1-34.el7.x86_64 7/7
 Verifying : krb5-workstation-1.15.1-37.el7_6.x86_64 1/7
 Verifying : krb5-libs-1.15.1-37.el7_6.x86_64 2/7
 Verifying : libkadm5-1.15.1-37.el7_6.x86_64 3/7
 Verifying : libverto-libevent-0.2.5-4.el7.x86_64 4/7
 Verifying : krb5-server-1.15.1-37.el7_6.x86_64 5/7
 Verifying : words-3.0-22.el7.noarch 6/7
 Verifying : krb5-libs-1.15.1-34.el7.x86_64 7/7

Installed:
 krb5-server.x86_64 0:1.15.1-37.el7_6 krb5-workstation.x86_64 0:1.15.1-37.el7_6

Dependency Installed:
 libkadm5.x86_64 0:1.15.1-37.el7_6 libverto-libevent.x86_64 0:0.2.5-4.el7 words.noarch 0:3.0-22.el7

Dependency Updated:
 krb5-libs.x86_64 0:1.15.1-37.el7_6

Complete!
[root@node101.yinzhengjie.org.cn ~]#
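
The session above still ends with "Complete!" although yum printed "No package krb5-lib available." for one of the three requested names (krb5-libs arrived only as a dependency update). The following is an added example, not part of the original post, that audits a saved yum transcript for requested packages that were skipped; the function names and SAMPLE_LOG are hypothetical, and the sample lines are constructed in the shape of that session.

```bash
#!/usr/bin/env bash
# Added example: find requested packages that yum reported as unavailable.

# Constructed sample: a few lines in the shape of the yum session above.
SAMPLE_LOG='Loaded plugins: fastestmirror
No package krb5-lib available.
Resolving Dependencies
---> Package krb5-server.x86_64 0:1.15.1-37.el7_6 will be installed
---> Package krb5-workstation.x86_64 0:1.15.1-37.el7_6 will be installed
Complete!'

# Read a yum transcript on stdin and print every package name that yum
# reported as unavailable, one per line.
skipped_packages() {
    sed -n 's/^No package \(.*\) available\.$/\1/p'
}

# audit_install LOG PKG...
# Print each requested PKG that yum skipped. Return 1 if any was skipped,
# 0 if every requested name was found in a repository.
audit_install() {
    _log=$1
    shift
    _skipped=$(printf '%s\n' "$_log" | skipped_packages)
    _rc=0
    for _pkg in "$@"; do
        # -x: whole-line match, -F: literal string, so "krb5-lib" != "krb5-libs"
        if printf '%s\n' "$_skipped" | grep -qxF -- "$_pkg"; then
            echo "requested but not installed: $_pkg"
            _rc=1
        fi
    done
    return $_rc
}

# Audit the same package list that was passed to yum in the session above.
audit_install "$SAMPLE_LOG" krb5-server krb5-lib krb5-workstation || true
```

On the host itself, `rpm -q krb5-server krb5-workstation krb5-libs` confirms which of the packages are actually installed.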