• Setting up Kerberos master-slave



    1. Install Kerberos

    server

    yum install krb5-server krb5-libs krb5-auth-dialog
    

      

    client

    yum install krb5-workstation krb5-libs krb5-auth-dialog
    

     

    2. hosts

    10.112.29.9 kerberos.jenkin.com kerberos
    10.112.29.10 kerberos2.jenkin.com kerberos2
    10.112.29.10 kdc.jenkin.com kdc
    

      

    3. Edit the configuration files

    /etc/krb5.conf

    [logging]
     default = FILE:/var/log/krb5libs.log
     kdc = FILE:/var/log/krb5kdc.log
     admin_server = FILE:/var/log/kadmind.log
    
    [libdefaults]
     default_realm = JENKIN.COM
     dns_lookup_realm = false
     dns_lookup_kdc = false
     ticket_lifetime = 24h
     renew_lifetime = 7d
     forwardable = true
    
    [realms]
     JENKIN.COM = {
      kdc = kerberos.jenkin.com
      kdc = kerberos2.jenkin.com
      admin_server = kerberos.jenkin.com
     }
    
    [domain_realm]
     .jenkin.com = JENKIN.COM
     jenkin.com = JENKIN.COM
    

      

    /var/kerberos/krb5kdc/kdc.conf

    [kdcdefaults]
     kdc_ports = 88
     kdc_tcp_listen = 88
    
    [realms]
     JENKIN.COM = {
      master_key_type = aes256-cts
      kadmind_port = 749
      acl_file = /var/kerberos/krb5kdc/kadm5.acl
      dict_file = /usr/share/dict/words
      admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
      supported_enctypes = aes256-cts:normal aes128-cts:normal
            #des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
     }
    

      

    4. Initialize the database

    kdb5_util create -r JENKIN.COM -s
    

      Wait a moment, then enter the password you want to set when prompted.

    5. Add principals

    kadmin.local
    
    addprinc admin/admin@JENKIN.COM
    

      Enter the password you want to set.

    ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw
    

      

    6. Edit the ACL

    vim /var/kerberos/krb5kdc/kadm5.acl
    
    */admin@JENKIN.COM      *
    

      

    7. Start krb5kdc and kadmin

    service krb5kdc start
    
    service kadmin start
    

    The server setup is complete.

    Slave setup:

    Add principals:

    kadmin.local
    addprinc -randkey host/kerberos.jenkin.com
    addprinc -randkey host/kerberos2.jenkin.com
    
    ktadd -k /etc/krb5.keytab host/kerberos.jenkin.com
    ktadd -k /etc/krb5.keytab host/kerberos2.jenkin.com
    

      

    Copy kdc.conf, .k5.JENKIN.COM, kadm5.acl, /etc/krb5.conf and /etc/krb5.keytab from the master to the corresponding directories on the slave.

    On the slave, create /var/kerberos/krb5kdc/kpropd.acl:

    host/kerberos.jenkin.com@JENKIN.COM
    host/kerberos2.jenkin.com@JENKIN.COM
    

    Start kpropd on the slave: kpropd -S

    Propagate the data to the slave database

    On the master:

    kdb5_util dump /var/kerberos/krb5kdc/slave_data
    
    scp slave_data slave_data.dump_ok kerberos2.jenkin.com:/var/kerberos/krb5kdc/
    scp /etc/krb5.keytab kerberos2.jenkin.com:/etc/
    
    kprop -f /var/kerberos/krb5kdc/slave_data kerberos2.jenkin.com
    

      

    On success, the output is: Database propagation to kerberos2.jenkin.com: SUCCEEDED

    Note: each host must have a single hostname. Problems with this show up in the logs.
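The dump-and-propagate step above, wrapped so it can be run against several slaves and its result checked automatically (an added example, not part of the original post). It assumes it runs as root on the master with slave hostnames passed as arguments; the function names `propagate_one` and `propagate_all` are hypothetical, while the dump path and the SUCCEEDED line are the ones from the article.

```shell
#!/bin/sh
# Added example: dump the KDC database once, then kprop it to each slave.
# Assumptions: run as root on the master; slave hostnames given as arguments.

DUMP_FILE="${DUMP_FILE:-/var/kerberos/krb5kdc/slave_data}"

# propagate_one HOST: succeed only if kprop exits 0 AND prints the
# "SUCCEEDED" line shown in the article for that host.
propagate_one() {
    host="$1"
    out=$(kprop -f "$DUMP_FILE" "$host" 2>&1) || {
        echo "FAIL $host: $out" >&2
        return 1
    }
    case "$out" in
        *"Database propagation to $host: SUCCEEDED"*) echo "OK $host" ;;
        *) echo "FAIL $host: $out" >&2; return 1 ;;
    esac
}

# propagate_all HOST...: returns the number of slaves that failed
# (0 = every slave is in sync, 255 = the dump itself failed).
propagate_all() {
    failed=0
    # The dump contains every principal's key material: keep it owner-only.
    old_umask=$(umask)
    umask 077
    if ! kdb5_util dump "$DUMP_FILE"; then
        umask "$old_umask"
        echo "FAIL dump to $DUMP_FILE" >&2
        return 255
    fi
    umask "$old_umask"
    for h in "$@"; do
        propagate_one "$h" || failed=$((failed + 1))
    done
    return "$failed"
}

# Stand-alone use: sh kprop_all.sh kerberos2.jenkin.com
if [ "$#" -gt 0 ]; then
    propagate_all "$@"
fi
```

A non-zero exit status lets cron or a monitoring check flag a slave whose database has gone stale.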

      

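    8. Set up the client

    Copy .k5.JENKIN.COM, kadm5.acl, kdc.conf and krb5.conf to the other machines. If a machine is only a client and not a slave server, it only needs krb5.conf. Only a slave server needs all 5 of the files below. .k5.JENKIN.COM is the stash file holding the database master key (created by the -s option in step 4), so keep it off client-only machines.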

    scp .k5.JENKIN.COM kadm5.acl kdc.conf master2:/var/kerberos/krb5kdc/
    
    scp /etc/krb5.conf master2:/etc/
    

    9. Log in to kadmin

    kadmin
    
    Enter the password
    

      

    If kadmin on the client connects normally, the setup succeeded.

    Official documentation: http://web.mit.edu/kerberos/krb5-current/doc/krb_admins/install_kdc.html

    Day-to-day operations:

    Add a principal

    kadmin.local
    addprinc admin/admin
    

      

    Check from another machine:

    kinit admin/admin
    

      

    Delete, list, modify:

    kadmin:addprinc -randkey root/master1
    kadmin:delprinc root/admin
    kadmin:listprincs
    kadmin:change_password -pw admin root/admin
    kadmin:modify_principal 
    

      

  • Original address: https://www.cnblogs.com/kisf/p/7473193.html