
Kerberos Database Operations

1. Log in to the Kerberos database

  1. Local login (no authentication required)
```sh
[root@hadoop101 ~]# kadmin.local 
Authenticating as principal root/admin@HADOOP.COM with password.
kadmin.local:  (press TAB twice to list all commands)
?                 cpw               exit              get_principals    ktrem             lock              q                 xst
addpol            delete_policy     getpol            getprincs         ktremove          lr                quit              
add_policy        delete_principal  get_policies      getprivs          list_policies     modify_policy     rename_principal  
addprinc          delpol            get_policy        get_privs         listpols          modify_principal  renprinc          
add_principal     delprinc          getpols           get_strings       list_principals   modpol            setstr            
ank               delstr            getprinc          getstrs           listprincs        modprinc          set_string        
change_password   del_string        get_principal     ktadd             list_requests     purgekeys         unlock        
## To quit: exit
```
  2. Remote login (requires authenticating as a principal)
```sh
## -p specifies the principal to authenticate as
[root@hadoop102 ~]# kadmin -p admin/admin
Authenticating as principal admin/admin@HADOOP.COM with password.
Password for admin/admin@HADOOP.COM: 
kadmin:
```

2. Create a Kerberos principal

```sh
## Add a principal named admin; the format is username/groupname@REALM (the default realm is appended if the realm is omitted)
kadmin.local:  addprinc admin/admin
WARNING: no policy specified for admin/admin@HADOOP.COM; defaulting to no policy
Enter password for principal "admin/admin@HADOOP.COM": (enter the password)
Re-enter password for principal "admin/admin@HADOOP.COM": (confirm the password)
Principal "admin/admin@HADOOP.COM" created.
```

3. Change a principal's password

```sh
## Change the password of admin
kadmin.local:  cpw admin/admin
Enter password for principal "admin/admin@HADOOP.COM": 
Re-enter password for principal "admin/admin@HADOOP.COM": 
Password for "admin/admin@HADOOP.COM" changed.
```

4. List all principals

```sh
## List all principals
kadmin.local:  listprincs
K/M@HADOOP.COM
admin/admin@HADOOP.COM
kadmin/admin@HADOOP.COM
kadmin/changepw@HADOOP.COM
kadmin/hadoop101@HADOOP.COM
kiprop/hadoop101@HADOOP.COM
krbtgt/HADOOP.COM@HADOOP.COM
```

To quit, type: exit

5. Non-interactive execution

```sh
[root@hadoop101 ~]# kadmin.local -q "addprinc zhangsan/admin"
Authenticating as principal root/admin@HADOOP.COM with password.
WARNING: no policy specified for zhangsan/admin@HADOOP.COM; defaulting to no policy
Enter password for principal "zhangsan/admin@HADOOP.COM": 
Re-enter password for principal "zhangsan/admin@HADOOP.COM": 
add_principal: Password mismatch while reading password for "zhangsan/admin@HADOOP.COM".
```
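
The `-q` call above still prompts for a password and creates the principal with no policy. The following added example (not from the original page) builds `kadmin.local -q` queries that need no prompt, using `-randkey` and a policy, and validates names before they reach the query string. The policy name `svc_policy`, the principal `hdfs/hadoop102` and the helper function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original page. Principal and policy names
# below are constructed samples.
DRY_RUN=${DRY_RUN:-1}   # default: only print the kadmin.local command

# Accept primary[/instance][@REALM] from a conservative character set, so a
# name cannot carry quotes, spaces or newlines into the -q query string.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9._/@-]*) return 1 ;;
    esac
    printf '%s' "$1" |
        grep -Eq '^[A-Za-z0-9._-]+(/[A-Za-z0-9._-]+)?(@[A-Za-z0-9.-]+)?$'
}

# addpol query: password rules apply when a password is set later with cpw;
# -maxfailure locks the principal after repeated failed pre-authentication.
policy_query() {
    valid_name "$1" || { echo "rejected policy name: $1" >&2; return 1; }
    printf 'addpol -minlength 12 -minclasses 3 -maxfailure 5 %s' "$1"
}

# addprinc query: -randkey avoids the password prompt, -policy avoids the
# "defaulting to no policy" warning shown above.
addprinc_query() {
    valid_name "$1" && valid_name "$2" ||
        { echo "rejected input: $1 $2" >&2; return 1; }
    printf 'addprinc -randkey -policy %s %s' "$2" "$1"
}

# Print the command in dry-run mode, otherwise run it on the KDC host.
run_query() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'kadmin.local -q "%s"\n' "$1"
    else
        kadmin.local -q "$1"
    fi
}

run_query "$(policy_query svc_policy)"
run_query "$(addprinc_query hdfs/hadoop102 svc_policy)"
```

Set `DRY_RUN=0` on the KDC host to execute the queries. A principal created with `-randkey` has no password, so its key is normally exported to a keytab with `ktadd` (alias `xst`).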