91超碰碰碰碰久久久久久综合_超碰av人澡人澡人澡人澡人掠_国产黄大片在线观看画质优化_txt小说免费全本

溫馨提示×

安全模式下配置Hadoop身份驗證

小云
107
2023-10-11 10:04:43
欄目: 大數據

在安全模式下配置Hadoop身份驗證需要完成以下步驟:

  1. 生成Kerberos認證相關的密鑰和憑據:
kdb5_util create -s
ktadd -k /etc/security/keytabs/nn.service.keytab nn/hostname@REALM
ktadd -k /etc/security/keytabs/dn.service.keytab dn/hostname@REALM
ktadd -k /etc/security/keytabs/jhs.service.keytab jhs/hostname@REALM
ktadd -k /etc/security/keytabs/rm.service.keytab rm/hostname@REALM
ktadd -k /etc/security/keytabs/nm.service.keytab nm/hostname@REALM
ktadd -k /etc/security/keytabs/spnego.service.keytab HTTP/hostname@REALM
  1. 配置Kerberos客戶端:
vi /etc/krb5.conf
[libdefaults]
default_realm = REALM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
udp_preference_limit = 1
[realms]
REALM = {
kdc = kdc-hostname:88
admin_server = kdc-hostname:749
}
[domain_realm]
.hostname = REALM
hostname = REALM
  1. 配置Hadoop客戶端:
vi $HADOOP_HOME/etc/hadoop/core-site.xml
<configuration>
<property>
<name>hadoop.security.authentication</name>
<value>kerberos</value>
</property>
<property>
<name>hadoop.security.authorization</name>
<value>true</value>
</property>
<property>
<name>hadoop.security.auth_to_local</name>
<value>RULE:[2:$1@$0](.*@REALM)s/@.*//DEFAULT/</value>
</property>
</configuration>
vi $HADOOP_HOME/etc/hadoop/hdfs-site.xml
<configuration>
<property>
<name>dfs.namenode.kerberos.principal</name>
<value>nn/hostname@REALM</value>
</property>
<property>
<name>dfs.namenode.keytab.file</name>
<value>/etc/security/keytabs/nn.service.keytab</value>
</property>
<property>
<name>dfs.datanode.kerberos.principal</name>
<value>dn/hostname@REALM</value>
</property>
<property>
<name>dfs.datanode.keytab.file</name>
<value>/etc/security/keytabs/dn.service.keytab</value>
</property>
</configuration>
vi $HADOOP_HOME/etc/hadoop/yarn-site.xml
<configuration>
<property>
<name>yarn.resourcemanager.keytab</name>
<value>/etc/security/keytabs/rm.service.keytab</value>
</property>
<property>
<name>yarn.resourcemanager.principal</name>
<value>rm/hostname@REALM</value>
</property>
<property>
<name>yarn.nodemanager.keytab</name>
<value>/etc/security/keytabs/nm.service.keytab</value>
</property>
<property>
<name>yarn.nodemanager.principal</name>
<value>nm/hostname@REALM</value>
</property>
</configuration>
vi $HADOOP_HOME/etc/hadoop/mapred-site.xml
<configuration>
<property>
<name>mapreduce.jobhistory.keytab</name>
<value>/etc/security/keytabs/jhs.service.keytab</value>
</property>
<property>
<name>mapreduce.jobhistory.principal</name>
<value>jhs/hostname@REALM</value>
</property>
</configuration>
  1. 啟動Kerberos并檢查是否成功:
kadmin.local
start

0
大邑县| 玉田县| 南阳市| 广河县| 屯门区| 文山县| 阿图什市| 井研县| 曲阜市| 揭东县| 崇明县| 墨脱县| 星子县| 永平县| 博爱县| 江口县| 类乌齐县| 乐昌市| 防城港市| 策勒县| 门源| 金溪县| 石嘴山市| 拉萨市| 融水| 离岛区| 崇州市| 泸西县| 武陟县| 龙井市| 乌海市| 建昌县| 阆中市| 五原县| 汉源县| 连平县| 北辰区| 正安县| 轮台县| 兰考县| 易门县|