Skip to content
This repository was archived by the owner on Apr 18, 2024. It is now read-only.

Commit c8b1a6c

Browse files
committed
Updated Postgres KDC deployment to match MySQL
1 parent b21f1bf commit c8b1a6c

File tree

1 file changed

+8
-7
lines changed

1 file changed

+8
-7
lines changed

v6/scripts/cm_boot_postgres.sh

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -60,9 +60,9 @@ cp /home/opc/.ssh/authorized_keys /root/.ssh/authorized_keys
6060
EXECNAME="KERBEROS"
6161
log "-> INSTALL"
6262

63-
yum -y install krb5-server krb5-libs
63+
yum -y install krb5-server krb5-libs krb5-workstation
6464
KERBEROS_PASSWORD="SOMEPASSWORD"
65-
OPC_USER_PASSWORD="somepassword"
65+
SCM_USER_PASSWORD="somepassword"
6666
kdc_server=$(hostname)
6767
kdc_fqdn=`host $kdc_server | gawk '{print $1}'`
6868
realm="hadoop.com"
@@ -82,9 +82,9 @@ includedir /etc/krb5.conf.d/
8282
renew_lifetime = 7d
8383
forwardable = true
8484
udp_preference_limit = 1000000
85-
default_tkt_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
86-
default_tgs_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
87-
permitted_enctypes = des-cbc-md5 des-cbc-crc des3-cbc-sha1
85+
default_tkt_enctypes = rc4-hmac
86+
default_tgs_enctypes = rc4-hmac
87+
permitted_enctypes = rc4-hmac
8888
8989
[realms]
9090
${REALM} = {
@@ -125,19 +125,20 @@ default_realm = ${REALM}
125125
max_life = 10h 0m 0s
126126
max_renewable_life = 7d 0h 0m 0s
127127
master_key_type = des3-hmac-sha1
128-
supported_enctypes = arcfour-hmac:normal des3-hmac-sha1:normal des-cbc-crc:normal des:normal des:v4 des:norealm des:onlyrealm des:afs3
128+
supported_enctypes = rc4-hmac:normal
129129
default_principal_flags = +preauth
130130
}
131131
EOF
132132

133133
rm -f /var/kerberos/krb5kdc/kadm5.acl
134134
cat > /var/kerberos/krb5kdc/kadm5.acl << EOF
135135
*/admin@${REALM} *
136+
cloudera-scm@${REALM} *
136137
EOF
137138

138139
kdb5_util create -r ${REALM} -s -P ${KERBEROS_PASSWORD}
139140

140-
echo -e "addprinc root/admin\n${KERBEROS_PASSWORD}\n${KERBEROS_PASSWORD}\naddprinc opc\n${OPC_USER_PASSWORD}\n${OPC_USER_PASSWORD}\nktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin\nktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw\nexit\n" | kadmin.local -r ${REALM}
141+
echo -e "addprinc root/admin\n${KERBEROS_PASSWORD}\n${KERBEROS_PASSWORD}\naddprinc cloudera-scm\n${SCM_USER_PASSWORD}\n${SCM_USER_PASSWORD}\nktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin\nktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/changepw\nexit\n" | kadmin.local -r ${REALM}
141142
log "-> START"
142143
systemctl start krb5kdc.service
143144
systemctl start kadmin.service

0 commit comments

Comments
 (0)