@@ -60,9 +60,9 @@ cp /home/opc/.ssh/authorized_keys /root/.ssh/authorized_keys
60
60
EXECNAME=" KERBEROS"
61
61
log " -> INSTALL"
62
62
63
- yum -y install krb5-server krb5-libs
63
+ yum -y install krb5-server krb5-libs krb5-workstation
64
64
KERBEROS_PASSWORD=" SOMEPASSWORD"
65
- OPC_USER_PASSWORD =" somepassword"
65
+ SCM_USER_PASSWORD =" somepassword"
66
66
kdc_server=$( hostname)
67
67
kdc_fqdn=` host $kdc_server | gawk ' {print $1}' `
68
68
realm=" hadoop.com"
@@ -82,9 +82,9 @@ includedir /etc/krb5.conf.d/
82
82
renew_lifetime = 7d
83
83
forwardable = true
84
84
udp_preference_limit = 1000000
85
- default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
86
- default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
87
- permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
85
+ default_tkt_enctypes = rc4-hmac
86
+ default_tgs_enctypes = rc4-hmac
87
+ permitted_enctypes = rc4-hmac
88
88
89
89
[realms]
90
90
${REALM} = {
@@ -125,19 +125,20 @@ default_realm = ${REALM}
125
125
max_life = 10h 0m 0s
126
126
max_renewable_life = 7d 0h 0m 0s
127
127
master_key_type = des3-hmac-sha1
128
- supported_enctypes = arcfour -hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
128
+ supported_enctypes = rc4 -hmac:normal
129
129
default_principal_flags = +preauth
130
130
}
131
131
EOF
132
132
133
133
rm -f /var/kerberos/krb5kdc/kadm5.acl
134
134
cat > /var/kerberos/krb5kdc/kadm5.acl << EOF
135
135
*/admin@${REALM} *
136
+ cloudera-scm@${REALM} *
136
137
EOF
137
138
138
139
kdb5_util create -r ${REALM} -s -P ${KERBEROS_PASSWORD}
139
140
140
- echo -e " addprinc root/admin\n${KERBEROS_PASSWORD} \n${KERBEROS_PASSWORD} \naddprinc opc \n${OPC_USER_PASSWORD } \n${OPC_USER_PASSWORD } \nktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin\nktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw\nexit\n" | kadmin.local -r ${REALM}
141
+ echo -e " addprinc root/admin\n${KERBEROS_PASSWORD} \n${KERBEROS_PASSWORD} \naddprinc cloudera-scm \n${SCM_USER_PASSWORD } \n${SCM_USER_PASSWORD } \nktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin\nktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw\nexit\n" | kadmin.local -r ${REALM}
141
142
log " -> START"
142
143
systemctl start krb5kdc.service
143
144
systemctl start kadmin.service
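Review bot: The enctype lines in the krb5.conf and kdc.conf heredocs (second and third hunks) drop single DES but leave rc4-hmac as the only permitted type, and RC4 is itself deprecated: its key is an unsalted MD4 hash of the password, so issued tickets stay exposed to offline password guessing. Unless some client in this cluster is known to lack AES support (not visible here), I would use `default_tkt_enctypes = aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96` (same value for `default_tgs_enctypes` and `permitted_enctypes`) and `supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`, and move the unchanged `master_key_type = des3-hmac-sha1` to AES in the same pass. Separately, the added `cloudera-scm@${REALM} *` ACL entry grants full kadmin rights to a principal whose password is a literal in the script; a narrower permission string and a password supplied at deploy time would limit the impact if that credential leaks. The hunks show only part of the script, so any later enctype or ACL handling outside them is not covered by this note.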