Summary of Common Kerberos Commands

Enter kadmin

kadmin.local/kadmin

Create the database

kdb5_util create -r JENKIN.COM -s 

Start the KDC service

service krb5kdc start

Start the kadmin service

service kadmin start 

Change the current password

kpasswd

Test that a keytab is usable

kinit -k -t /var/kerberos/krb5kdc/keytab/root.keytab root/[email protected]

View a keytab

klist -e -k -t /etc/krb5.keytab 

Clear the ticket cache

kdestroy

Authenticate (log in) with a keytab file

kinit -kt /var/run/cloudera-scm-agent/process/***-HIVESERVER2/hive.keytab hive/node2

 

 

In kadmin mode:

 

Create a principal with a random key

addprinc -randkey root/[email protected]

Create a principal with a specified key (password)

addprinc -pw **** admin/[email protected]

List principals

listprincs

Change the password of admin/admin

cpw -pw xxxx admin/admin

Add/delete a principal

addprinc/delprinc admin/admin

Generate directly into a keytab

ktadd -k /etc/krb5.keytab host/[email protected] 

Set a password policy

addpol -maxlife "90 days" -minlife "75 days" -minlength 8 -minclasses 3 -maxfailure 10 -history 10 user

Add a user with a password policy

addprinc -policy user hello/[email protected]

Change a user's password policy

modprinc -policy user1 hello/[email protected]

Delete a password policy

delpol [-force] user

Modify a password policy

modpol -maxlife "90 days" -minlife "75 days" -minlength 8 -minclasses 3 -maxfailure 10 user
