Kerberos常用命令总结

进入kadmin	kadmin.local/kadmin
创建数据库	kdb5_util create -r JENKIN.COM -s
启动kdc服务	service krb5kdc start
启动kadmin服务	service kadmin start
修改当前密码	kpasswd
测试keytab可用性	kinit -k -t /var/kerberos/krb5kdc/keytab/root.keytab root/[email protected]
查看keytab	klist -e -k -t /etc/krb5.keytab
清除缓存	kdestroy
通过keytab文件认证登录	kinit -kt /var/run/cloudera-scm-agent/process/***-HIVESERVER2/hive.keytab hive/node2
kadmin模式下：
生成随机key的principal	addprinc -randkey root/[email protected]
生成指定key的principal	Addprinc -pw **** admin/[email protected]
查看principal	listprincs
修改admin/admin的密码	cpw -pw xxxx admin/admin
添加/删除principle	addprinc/delprinc admin/admin
直接生成到keytab	ktadd -k /etc/krb5.keytab host/[email protected]
设置密码策略(policy)	addpol -maxlife "90 days" -minlife "75 days" -minlength 8 -minclasses 3 -maxfailure 10 -history 10 user
添加带有密码策略的用户	addprinc -policy user hello/[email protected]
修改用户的密码策略	modprinc -policy user1 hello/[email protected]
删除密码策略	delpol [-force] user
修改密码策略	modpol -maxlife "90 days" -minlife "75 days" -minlength 8 -minclasses 3 -maxfailure 10 user