1:在hadoop01机器上添加其他节点的3个认证
t添加对hdfs的认证:
kadmin.local -q "addprinc -randkey yarn/[email protected]"
kadmin.local -q "addprinc -randkey yarn/[email protected]"
kadmin.local -q "addprinc -randkey yarn/[email protected]"
kadmin.local -q "addprinc -randkey mapred/[email protected]"
kadmin.local -q "addprinc -randkey mapred/[email protected]"
kadmin.local -q "addprinc -randkey mapred/[email protected]"
2:生产keytab文件
cd /var/kerberos/krb5kdc/
kadmin.local -q "xst -k yarn.keytab hdfs/[email protected]"
kadmin.local -q "xst -k yarn.keytab hdfs/[email protected]"
kadmin.local -q "xst -k yarn.keytab hdfs/[email protected]"
kadmin.local -q "xst -k mapred.keytab hdfs/[email protected]"
kadmin.local -q "xst -k mapred.keytab hdfs/[email protected]"
kadmin.local -q "xst -k mapred.keytab hdfs/[email protected]"
3:查看加密类型和时间戳
klist -ket yarn.keytab
klist -ket mapred.keytab
4:拷贝文件
cp yarn.keytab /etc/hadoop/conf/
cp mapred.keytab /etc/hadoop/conf/
cd /etc/hadoop/conf
chown -R yarn:hadoop yarn.keytab(如果是yarn,就是 yarn:hadoop)
chown -R mapred:hadoop mapred.keytab(如果是mapred,就是 mapred:hadoop)
yarn只需要读权限:
chown 400 yarn.keytab mapred.keytab
scp -r yarn.keytab root@hadoop02:/etc/hadoop/conf
scp -r yarn.keytab root@hadoop03:/etc/hadoop/conf
scp -r mapred:hadoop.keytab root@hadoop02:/etc/hadoop/conf
scp -r mapred:hadoop.keytab root@hadoop03:/etc/hadoop/conf
(一样登录 hadoop02,hadoop03 去修改 keytab文件权限)