Configuring Hadoop Authentication in Secure Mode

Published: 2023-10-11 10:04:43


Configuring Hadoop authentication in secure mode requires the following steps:

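  1. Generate the Kerberos keys and credentials:

     ```
     # On the KDC host: create the Kerberos database (-s writes a stash file for the master key)
     kdb5_util create -s
     # ktadd is a kadmin command, so run it through kadmin.local; each principal must
     # already exist in the database (for example, created with addprinc -randkey)
     kadmin.local -q "ktadd -k /etc/security/keytabs/nn.service.keytab nn/hostname@REALM"
     kadmin.local -q "ktadd -k /etc/security/keytabs/dn.service.keytab dn/hostname@REALM"
     kadmin.local -q "ktadd -k /etc/security/keytabs/jhs.service.keytab jhs/hostname@REALM"
     kadmin.local -q "ktadd -k /etc/security/keytabs/rm.service.keytab rm/hostname@REALM"
     kadmin.local -q "ktadd -k /etc/security/keytabs/nm.service.keytab nm/hostname@REALM"
     kadmin.local -q "ktadd -k /etc/security/keytabs/spnego.service.keytab HTTP/hostname@REALM"
     # Keytabs hold long-term keys: make each file readable only by its service account
     ```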
  2. Configure the Kerberos client (`vi /etc/krb5.conf`):

     ```
     [libdefaults]
       default_realm = REALM
       dns_lookup_realm = false
       dns_lookup_kdc = false
       ticket_lifetime = 86400
       renew_lifetime = 604800
       forwardable = true
     # rc4-hmac and the des-* types are weak legacy enctypes; keep aes256 first and
     # drop the others once the KDC and every client support AES
       default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
       default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
       permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
     # Force TCP for all KDC traffic
       udp_preference_limit = 1

     [realms]
       REALM = {
         kdc = kdc-hostname:88
         admin_server = kdc-hostname:749
       }

     [domain_realm]
       .hostname = REALM
       hostname = REALM
     ```
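  3. Configure the Hadoop client.

     `vi $HADOOP_HOME/etc/hadoop/core-site.xml`:

     ```xml
     <configuration>
       <property>
         <name>hadoop.security.authentication</name>
         <value>kerberos</value>
       </property>
       <property>
         <name>hadoop.security.authorization</name>
         <value>true</value>
       </property>
       <property>
         <name>hadoop.security.auth_to_local</name>
         <!-- One rule per line; DEFAULT is a separate rule that applies last -->
         <value>
           RULE:[2:$1@$0](.*@REALM)s/@.*//
           DEFAULT
         </value>
       </property>
     </configuration>
     ```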
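     `vi $HADOOP_HOME/etc/hadoop/hdfs-site.xml`:

     ```xml
     <configuration>
       <property>
         <name>dfs.namenode.kerberos.principal</name>
         <value>nn/hostname@REALM</value>
       </property>
       <property>
         <name>dfs.namenode.keytab.file</name>
         <value>/etc/security/keytabs/nn.service.keytab</value>
       </property>
       <property>
         <name>dfs.datanode.kerberos.principal</name>
         <value>dn/hostname@REALM</value>
       </property>
       <property>
         <name>dfs.datanode.keytab.file</name>
         <value>/etc/security/keytabs/dn.service.keytab</value>
       </property>
     </configuration>
     ```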
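     `vi $HADOOP_HOME/etc/hadoop/yarn-site.xml`:

     ```xml
     <configuration>
       <property>
         <name>yarn.resourcemanager.keytab</name>
         <value>/etc/security/keytabs/rm.service.keytab</value>
       </property>
       <property>
         <name>yarn.resourcemanager.principal</name>
         <value>rm/hostname@REALM</value>
       </property>
       <property>
         <name>yarn.nodemanager.keytab</name>
         <value>/etc/security/keytabs/nm.service.keytab</value>
       </property>
       <property>
         <name>yarn.nodemanager.principal</name>
         <value>nm/hostname@REALM</value>
       </property>
     </configuration>
     ```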
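     `vi $HADOOP_HOME/etc/hadoop/mapred-site.xml`:

     ```xml
     <configuration>
       <property>
         <name>mapreduce.jobhistory.keytab</name>
         <value>/etc/security/keytabs/jhs.service.keytab</value>
       </property>
       <property>
         <name>mapreduce.jobhistory.principal</name>
         <value>jhs/hostname@REALM</value>
       </property>
     </configuration>
     ```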
  4. Start Kerberos and check that it is working:

     ```
     kadmin.local
     ```
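
The following added example (not part of the original page and not Hadoop's own code) is a simplified Python model of how the `hadoop.security.auth_to_local` rule from `core-site.xml` in step 3 turns Kerberos principals into local user names. The function names, the `default_realm` argument and the sample principals are assumptions made for illustration.

```python
import re

# Simplified model of auth_to_local evaluation (added example, not Hadoop's code).
RULE_RE = re.compile(
    r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g)?)?$")

def parse_principal(principal):
    """Split 'a/b@REALM' into (['a', 'b'], 'REALM')."""
    name, _, realm = principal.partition("@")
    return name.split("/"), realm

def apply_rule(rule, principal, default_realm):
    """Return the short name a single rule yields, or None if it does not apply."""
    comps, realm = parse_principal(principal)
    if rule == "DEFAULT":
        # DEFAULT only accepts principals from the default realm.
        return comps[0] if realm == default_realm else None
    m = RULE_RE.match(rule)
    if not m:
        raise ValueError("unparseable rule: " + rule)
    n, fmt, flt, pat, repl, glob = m.groups()
    if int(n) != len(comps):
        return None                      # component count must match [n:...]
    params = [realm] + comps             # $0 = realm, $1.. = components
    base = re.sub(r"\$(\d)", lambda d: params[int(d.group(1))], fmt)
    if flt is not None and not re.fullmatch(flt, base):
        return None                      # (regexp) filter must match the whole string
    if pat is not None:                  # sed part: first match only unless 'g' is given
        base = re.sub(pat, repl, base, count=0 if glob else 1)
    return base

def to_local(rules, principal, default_realm="REALM"):
    """First rule that applies wins; None means no rule matched."""
    for rule in rules.split():
        short = apply_rule(rule, principal, default_realm)
        if short is not None:
            # A result still containing '@' or '/' is treated as no usable name here.
            return short if not re.search(r"[@/]", short) else None
    return None

# Rules from the page's core-site.xml (one RULE plus DEFAULT); principals are constructed.
RULES = "RULE:[2:$1@$0](.*@REALM)s/@.*// DEFAULT"
if __name__ == "__main__":
    for p in ["nn/hostname@REALM", "HTTP/hostname@REALM", "alice@REALM", "nn/hostname@OTHER"]:
        print(p, "->", to_local(RULES, p))
```

Because the rule discards the host component, every `nn/<host>@REALM` instance resolves to the same local user `nn`, and a principal from another realm resolves to nothing. Reviewing this mapping for the real principal list is a useful check before turning on `hadoop.security.authorization`.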