1.1 环境介绍
参考博客:https://www.cnblogs.com/xiaodf/p/5968178.html
https://www.douban.com/note/701660289/
https://www.freebsd.org/doc/zh_CN/books/handbook/kerberos5.html
1、环境介绍
# 注:安装kerberos前,要确保主机名可以被解析。 主机名 内网IP 角色 linux-node1.example.com 192.168.56.11 Master KDC linux-node1.example.com 192.168.56.12 Kerberos client linux-node1.example.com 192.168.56.13 Kerberos client
1.2 在node1中配置安装KDC
注:确保所有的clients与servers之间的时间同步以及DNS正确解析
1、安装krb5-server和krb5-workstation(node1)
yum install krb5-server krb5-libs krb5-auth-dialog krb5-workstation -y
1) 在安装完上述的软件之后,会在KDC主机上生成配置文件/etc/krb5.conf和/var/kerberos/krb5kdc/kdc.conf
2)它们分别反映了realm name 以及 domain-to-realm mappings。
2、配置kdc.conf
vim /var/kerberos/krb5kdc/kdc.conf
注:在kdc.conf文件中一定要指定kdc的主机名(kdc = linux-node1.example.com)
[kdcdefaults] kdc_ports = 88 kdc_tcp_ports = 88 [realms] HADOOP.COM = { #master_key_type = aes256-cts acl_file = /var/kerberos/krb5kdc/kadm5.acl dict_file = /usr/share/dict/words admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab max_renewable_life = 7d supported_enctypes = aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal }