登录Kerberos: kadmin.local
[root@manager ~]# kadmin.local
Authenticating as principal root/admin@BIGDATA with password.
kadmin.local: ? # 查看命令列表i
Available kadmin.local requests:
add_principal, addprinc, ank
Add principal
delete_principal, delprinc
Delete principal
modify_principal, modprinc
Modify principal
rename_principal, renprinc
Rename principal
change_password, cpw Change password
get_principal, getprinc Get principal
list_principals, listprincs, get_principals, getprincs
List principals
add_policy, addpol Add policy
modify_policy, modpol Modify policy
delete_policy, delpol Delete policy
get_policy, getpol Get policy
list_policies, listpols, get_policies, getpols
List policies
get_privs, getprivs Get privileges
ktadd, xst Add entry(s) to a keytab
ktremove, ktrem Remove entry(s) from a keytab
lock Lock database exclusively (use with extreme caution!)
unlock Release exclusive database lock
purgekeys Purge previously retained old keys from a principal
get_strings, getstrs Show string attributes on a principal
set_string, setstr Set a string attribute on a principal
del_string, delstr Delete a string attribute on a principal
list_requests, lr, ? List available requests.
quit, exit, q Exit program.
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
查看已存在凭据:list_principals, listprincs, get_principals, getprincs
kadmin.local: listprincs
HTTP/manager.bigdata@BIGDATA
HTTP/master.bigdata@BIGDATA
HTTP/worker.bigdata@BIGDATA
K/M@BIGDATA
activity_analyzer/manager.bigdata@BIGDATA
activity_explorer/manager.bigdata@BIGDATA
admin/admin@BIGDATA
ambari-qa-gaia@BIGDATA
ambari-server-gaia@BIGDATA
……
添加凭据:add_principal, addprinc, ank
kadmin.local: ank test@BIGDATA
WARNING: no policy specified for test@BIGDATA; defaulting to no policy
Enter password for principal "test@BIGDATA":
Re-enter password for principal "test@BIGDATA":
Principal "test@BIGDATA" created.
# 创建的时候指定密码
kadmin.local -q "addprinc -pw bigdata123 test"
根据添加的凭据生成keytab文件
kadmin.local # 登录
kadmin.local: ktadd -k /etc/security/keytabs/student.keytab -norandkey test@BIGDATA
修改凭据密码:change_password, cpw
kadmin.local: cpw test@BIGDATA
Enter password for principal "test@BIGDATA":
Re-enter password for principal "test@BIGDATA":
Password for "test@BIGDATA" changed.
删除凭据:delete_principal, delprinc
kadmin.local: delprinc test@BIGDATA
Are you sure you want to delete the principal "test@BIGDATA"? (yes/no): yes
Principal "test@BIGDATA" deleted.
Make sure that you have removed this principal from all ACLs before reusing.
认证用户:kinit
[root@manager ~]# kinit admin/admin@BIGDATA
Password for admin/admin@BIGDATA:
查看当前认证用户:klist
[root@manager ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin@BIGDATA
Valid starting Expires Service principal
10/30/2019 00:21:12 10/31/2019 00:21:12 krbtgt/BIGDATA@BIGDATA
renew until 11/06/2019 00:21:12
删除当前认证的缓存
[root@manager ~]# kdestroy
[root@manager ~]# klist
klist: No credentials cache found (filename: /tmp/krb5cc_0)
切换Hadoop组内用户票据
klist -kt /etc/security/keytabs/hdfs.headless.keytab
kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-hdv4@BIGDATA