Installing kerberos – need security for HBase

by on February 7, 2013

Well, although we really don’t want to get into it, it seems mandatory to have security for HBase. Our customers will definitely require this.
Some of our guys who administer the HBase cluster looked into it and found out it is a bit messy, so we need some IT assistance.
In our lab, as I’m my own IT, we’ve decided to create a small HBase cluster (running on VM) just to check such things as security, and provide a best-practice document.

Installing a VM is quite easy and I’ve followed a Red Hat document.

Our group name is HTR so I chose this instead of EXAMPLE.com, I hope it will be enough.

Now that I’m done, the next step is to connect it to the HBase cluster.

===

Following https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/Configuring_a_Kerberos_5_Server.html

#NTP has to be in sync, otherwise Kerberos clients will not work.

yum -y install ntp
ntpdate <IP>
vi /etc/ntp.conf # add "server <IP>" and comment out the three "server 0,1,2.rhel.pool.ntp.org" lines

#install

yum -y install krb5-libs krb5-server krb5-workstation

#Configure (I’ve set the server name to be “Kerberos”)

vi /etc/krb5.conf  /var/kerberos/krb5kdc/kdc.conf # change the example.com and EXAMPLE.COM

#create the database

/usr/sbin/kdb5_util create -s

Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'HTR',
master key name 'K/M@HTR'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:

#define admin

vi /var/kerberos/krb5kdc/kadm5.acl # change EXAMPLE.COM and add a user

#create first principal

/usr/sbin/kadmin.local -q "addprinc username/admin"

Authenticating as principal root/admin@HTR with password.
WARNING: no policy specified for username/admin@HTR; defaulting to no policy
Enter password for principal "username/admin@HTR":
Re-enter password for principal "username/admin@HTR":
Principal "username/admin@HTR" created.

#Start Kerberos using the following commands:

/sbin/service krb5kdc start
/sbin/service kadmin start

#add principals – use kadmin

#verification

kinit

Password for root@HTR:

klist 

Default principal: root@HTR
Valid starting     Expires            Service principal
02/07/13 14:13:11  02/08/13 14:13:11  krbtgt/HTR@HTR
        renew until 02/07/13 14:13:11
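
The realm edits to krb5.conf and kadm5.acl above are easy to leave half-done, and an ACL entry that still names EXAMPLE.COM gives username/admin@HTR no rights in kadmin. The script below is an added example, not part of the original post: it rewrites constructed stand-ins for the stock files and checks for leftovers. The DNS domain htr.lab and all function names are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Run it on copies of the files.

# make_samples DIR: write constructed stand-ins for the stock Red Hat files.
make_samples() {
    cat > "$1/krb5.conf" <<'EOF'
[libdefaults]
 default_realm = EXAMPLE.COM
[realms]
 EXAMPLE.COM = {
  kdc = kerberos.example.com
  admin_server = kerberos.example.com
 }
[domain_realm]
 .example.com = EXAMPLE.COM
 example.com = EXAMPLE.COM
EOF
    printf '*/admin@EXAMPLE.COM\t*\n' > "$1/kadm5.acl"
}

# rewrite_realm REALM DOMAIN FILE...: swap the upper-case realm placeholder
# and the lower-case DNS placeholder in each file.
rewrite_realm() {
    realm=$1; domain=$2; shift 2
    for f in "$@"; do
        sed -e "s/EXAMPLE\.COM/$realm/g" -e "s/example\.com/$domain/g" \
            "$f" > "$f.new" && mv "$f.new" "$f"
    done
}

# leftover_placeholders FILE...: count lines still naming example.com.
leftover_placeholders() {
    cat "$@" | grep -ci 'example\.com' || true
}

# acl_foreign_realms ACL REALM: print ACL principals in any other realm.
# Such an entry grants nothing to username/admin@REALM.
acl_foreign_realms() {
    awk -v realm="$2" '
        /^[ \t]*(#|$)/ { next }   # skip comments and blank lines
        { n = split($1, p, "@"); if (n == 2 && p[2] != realm) print $1 }
    ' "$1"
}

# Demo on a scratch directory; HTR is the post's realm, htr.lab is made up.
d=$(mktemp -d) && make_samples "$d"
rewrite_realm HTR htr.lab "$d/krb5.conf" "$d/kadm5.acl"
echo "placeholders left: $(leftover_placeholders "$d/krb5.conf" "$d/kadm5.acl")"
echo "foreign ACL realms: $(acl_foreign_realms "$d/kadm5.acl" HTR)"
```

Run the two checks against copies of the real files before starting krb5kdc and kadmin; both should report nothing left over.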

 
