1.在KDC上創建用戶
1.1生成隨機key的principal:使用keytab文件進行認證
# kadmin admin/[email protected]
kadminl: addprinc -randkey [email protected] //新建cctest用戶
kadmin: xst -k cctest-unmerged.keytab [email protected] //生成cctest的keytab文件
1.2 生成指定key的principa:支持輸入密碼認證
kadmin: addprinc [email protected]
WARNING: no policy specified for [email protected]; defaulting to no policy
Enter password for principal "[email protected]":
Re-enter password for principal "[email protected]":
Principal "[email protected]" created.
1.3 查看用戶
kadmin: listprincs
[email protected]
[email protected]
[email protected]
1.4 生成keytab文件
# ktutil
Ktutil:rkt aatest-unmerged.keytab //添加keytab文件到列表
Ktutil:wkt aatest.keytab //合併列表生成keytab文件# klist -kt cctest.keytab
Keytab name: FILE:cctest.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
4 04/28/2019 11:27:15 [email protected]
4 04/28/2019 11:27:15 [email protected]
4 04/28/2019 11:27:15 [email protected]
4 04/28/2019 11:27:15 [email protected]
4 04/28/2019 11:27:15 [email protected]
4 04/28/2019 11:27:15 [email protected]
4 04/28/2019 11:27:15 [email protected]
4 04/28/2019 11:27:15 [email protected]注:keytab文件會生成在當前用戶的home目錄下
2.在hbase上賦權
用hbase的超級用戶
#kinit -kt /etc/security/keytabs/hbase.headless.keytab [email protected]
#hbase shell
hbase(main):003:0> grant 'aatest','RWXCA' //給用戶賦權 R W X C A
Took 0.2068 seconds
3.登錄hbase
#kinit -kt aatest.keytab [email protected]
hbase(main):005:0> whoami
[email protected] (auth:KERBEROS)
Took 0.0096 seconds