Disabling Kerberos in CDH: Configuration Details

Disabling Kerberos in CDH

  • Hue configuration:
    Kerberos Ticket Renewer Process Health Test: false
  • ZooKeeper configuration:
    enableSecurity (Enable Kerberos Authentication): false
    zoo.cfg setting: skipACL: yes
  • HDFS configuration:
    hadoop.security.authentication: Simple
    hadoop.security.authorization: false
    dfs.datanode.address: change 1004 (for Kerberos) to 50010 (default)
    dfs.datanode.http.address: change 1006 (for Kerberos) to 50075 (default)
    dfs.datanode.data.dir.perm: change 700 to 755
  • HBase configuration:
    hbase.security.authentication: Simple
    hbase.security.authorization: false
    hbase.thrift.security.qop: none
  • Kafka configuration:
    kerberos.auth.enable: false
  • Solr configuration:
    Solr Secure Authentication: Simple
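
An added example, not part of the original post: a small audit that flags the Kerberos-off values from the list above in exported configuration files, so a cluster left in this state can be spotted. It assumes the properties appear under these names in Hadoop-style *-site.xml files and that zoo.cfg uses key=value lines; the function names and the sample inputs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Property -> value the page sets when Kerberos is switched off (lower-cased).
WEAK_VALUES = {
    "hadoop.security.authentication": "simple",
    "hadoop.security.authorization": "false",
    "hbase.security.authentication": "simple",
    "hbase.security.authorization": "false",
    "hbase.thrift.security.qop": "none",
    "dfs.datanode.data.dir.perm": "755",
}
# DataNode ports the page lists as the non-Kerberos defaults.
WEAK_PORTS = {"dfs.datanode.address": "50010", "dfs.datanode.http.address": "50075"}

def audit_site_xml(text):
    """Return (name, value) pairs in a *-site.xml that match the Kerberos-off values."""
    findings = []
    for prop in ET.fromstring(text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        value = (prop.findtext("value") or "").strip()
        if WEAK_VALUES.get(name) == value.lower():
            findings.append((name, value))
        elif name in WEAK_PORTS and value.rsplit(":", 1)[-1] == WEAK_PORTS[name]:
            findings.append((name, value))
    return sorted(findings)

def audit_zoo_cfg(text):
    """Return [("skipACL", value)] when zoo.cfg disables ZooKeeper ACL checks."""
    findings = []
    for line in text.splitlines():
        key, sep, value = line.split("#", 1)[0].partition("=")
        if sep and key.strip() == "skipACL" and value.strip().lower() == "yes":
            findings.append(("skipACL", value.strip()))
    return findings

# Constructed sample input (not taken from a real cluster).
SAMPLE_SITE_XML = """<configuration>
  <property><name>hadoop.security.authentication</name><value>Simple</value></property>
  <property><name>hadoop.security.authorization</name><value>true</value></property>
  <property><name>dfs.datanode.address</name><value>0.0.0.0:50010</value></property>
  <property><name>dfs.datanode.http.address</name><value>0.0.0.0:1006</value></property>
  <property><name>dfs.datanode.data.dir.perm</name><value>700</value></property>
</configuration>"""
SAMPLE_ZOO_CFG = "tickTime=2000\n# ACL checks off\nskipACL=yes\n"

if __name__ == "__main__":
    for name, value in audit_site_xml(SAMPLE_SITE_XML) + audit_zoo_cfg(SAMPLE_ZOO_CFG):
        print(f"Kerberos-off setting present: {name} = {value}")
```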

Copyright notice: this blog records my own self-study notes; please credit the source when reposting!
https://me.csdn.net/qq_39657909

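CDH version 5.7. Enabling Kerberos in Cloudera Manager fails. The configuration files are as follows:

/etc/krb5.conf

    [libdefaults]
    default_realm = BIGDATA.COM
    dns_lookup_realm = false
    dns_lookup_kdc = false
    ticket_lifetime = 7d
    #ticket_lifetime = 2147483647
    renew_lifetime = 30d
    #renew_lifetime = 2147483647
    forwardable = true
    #renewable = true
    [realms]
    BIGDATA.COM = {
    kdc =bigdata-m-003
    admin_server = bigdata-m-003
    }
    [domain_realm]
    .bigdata.com = BIGDATA.COM
    bigdata.com = BIGDATA.COM

/var/kerberos/krb5kdc/kadm5.acl

    */admin@BIGDATA.COM *

/var/kerberos/krb5kdc/kdc.conf

    [kdcdefaults]
    kdc_ports = 88
    kdc_tcp_ports = 88
    [realms]
    BIGDATA.COM= {
    #master_key_type = aes256-cts
    acl_file = /var/kerberos/krb5kdc/kadm5.acl
    dict_file = /usr/share/dict/words
    admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
    supported_enctypes = rc4-hmac:normal aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
    max_life = 1d 0h 0m 0s
    max_renewable_life = 5d 0h 0m 0s
    }

While enabling Kerberos in Cloudera Manager I mostly used the default settings: KDC type MIT KDC, encryption type rc4-hmac, maximum renewable lifetime for Kerberos principals 0, and the option to manage krb5.conf through Cloudera Manager checked. Importing the KDC Account Manager credentials reported no errors, but the rest of the enablement process failed.

The problem showed up as two successive symptoms:

1. While host names in the environment still contained uppercase letters, for example a host named Bigdata-m-001, the credentials for the Hadoop components were generated normally, in the form HTTP/Bigdata-m-001@BIGDATA.COM, but the components failed to start because HTTP/bigdata-m-001@BIGDATA.COM could not be found. After looking into it from several angles, the conclusion was that host names should not contain uppercase letters.

2. After all host names were changed to lowercase, every host-name-related setting in Cloudera Manager was also updated to lowercase. With Kerberos disabled the cluster runs normally. After enabling Kerberos, at the "generate missing credentials" step only the following credentials are generated successfully. All other credentials, such as HTTP/bigdata-m-001@BIGDATA.COM, cannot be generated, and no error is reported.

![Kerberos credentials page](https://img-ask.csdn.net/upload/201708/02/1501641809_237542.jpg)

Could someone take a look at what is going on and how to fix it?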