
Installing Kerberos Server

by on March 11, 2013

Usually this should be handled by the IT team, but I’m my own IT man…

If there is an existing Kerberos server in the IT environment, it may be used, or a dedicated Kerberos server should be installed for securing the HBase cluster.

Reference:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Managing_Smart_Cards/Configuring_a_Kerberos_5_Server.html

  • Install and configure NTP (Network Time Protocol)
yum -y install ntp

ntpdate <IP>

vi /etc/ntp.conf – add server <IP> and comment out the three server 0,1,2.rhel.pool.ntp.org lines

service ntpd start – start the ntp daemon service

chkconfig ntpd on – configure the service to start automatically when the server starts

  • Install Kerberos packages
yum -y install krb5-libs krb5-server krb5-workstation
  • Configure Kerberos
vi /etc/krb5.conf – replace example.com and EXAMPLE.COM with your own domain and realm

vi /var/kerberos/krb5kdc/kdc.conf – replace example.com and EXAMPLE.COM,
and add max_life = 999d (see below and handling tickets)

 

  • Create the Kerberos database
/usr/sbin/kdb5_util create -s

Loading random data

Initializing database ‘/var/kerberos/krb5kdc/principal’ for realm ‘HTR’,

master key name ‘K/M@HTR’

You will be prompted for the database Master Password.

It is important that you NOT FORGET this password.

Enter KDC database master key: passwd

Re-enter KDC database master key to verify: passwd

 

  • Define Admin
vi /var/kerberos/krb5kdc/kadm5.acl – change EXAMPLE.COM and add a user
  • Create the first principal
/usr/sbin/kadmin.local -q "addprinc username/admin"

Authenticating as principal root/admin@HTR with password.

WARNING: no policy specified for username/admin@HTR; defaulting to no policy

Enter password for principal “ username/admin@HTR”:

Re-enter password for principal “ username/admin@HTR”: passwd

Principal “ username/admin@HTR” created.

 

  • Start Kerberos using the following commands:
service krb5kdc start
service kadmin start
  • Add principals – use kadmin
On Kerberos server:

kadmin: add_princ client@HTR

On Client server:

kinit client@HTR

klist

Default principal: root@HTR

Valid starting     Expires            Service principal

02/28/13 14:21:00  03/01/13 14:21:00  krbtgt/HTR@HTR

renew until 02/28/13 14:21:00

and that’s it…
Next – how to configure security of Hadoop and HBase using Kerberos.
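
A pre-start check for the three files edited in the steps above, as an added example that is not part of the original post: it counts leftover example.com / EXAMPLE.COM placeholders and converts max_life to seconds so it can be compared with a limit. The function names, the 1-day default limit and the sample files are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the original post. Limit and sample files are assumptions.

# Count non-comment lines still carrying the shipped example.com / EXAMPLE.COM placeholder.
placeholder_count() {
    awk '!/^[ \t]*#/ && tolower($0) ~ /example\.com/ { n++ } END { print n + 0 }' "$1"
}

# Largest max_life in a kdc.conf, in seconds. Handles 999d, 24h, "1d 0h 0m 0s" and
# plain seconds; the h:m:s form is not handled.
max_life_seconds() {
    awk -F= '/^[ \t]*max_life[ \t]*=/ {
        n = split($2, part, /[ \t]+/); total = 0
        for (i = 1; i <= n; i++) {
            if (part[i] == "") continue
            unit = substr(part[i], length(part[i])); num = part[i] + 0
            if (unit == "d") num *= 86400
            else if (unit == "h") num *= 3600
            else if (unit == "m") num *= 60
            total += num
        }
        if (total > max) max = total
    } END { print max + 0 }' "$1"
}

# One finding per line for krb5.conf ($1), kdc.conf ($2), kadm5.acl ($3);
# $4 is the max_life limit in days (default 1, an assumed policy value).
audit_kdc_config() {
    limit_days=${4:-1}
    for f in "$1" "$2" "$3"; do
        n=$(placeholder_count "$f")
        if [ "$n" -gt 0 ]; then echo "PLACEHOLDER $f: $n line(s) mention example.com"; fi
    done
    secs=$(max_life_seconds "$2")
    if [ "$secs" -gt $((limit_days * 86400)) ]; then
        echo "MAX_LIFE $2: $((secs / 86400)) days exceeds the ${limit_days}-day limit"
    fi
}

# Constructed sample: realm edit forgotten in kdc.conf, max_life = 999d as in the post.
demo=$(mktemp -d)
printf '[libdefaults]\n default_realm = HTR\n' > "$demo/krb5.conf"
printf '[realms]\n EXAMPLE.COM = {\n  max_life = 999d\n  max_renewable_life = 7d\n }\n' > "$demo/kdc.conf"
printf '%s\n' '# */admin@EXAMPLE.COM *' 'username/admin@HTR *' > "$demo/kadm5.acl"
audit_kdc_config "$demo/krb5.conf" "$demo/kdc.conf" "$demo/kadm5.acl"
rm -rf "$demo"
```

On the KDC itself, call audit_kdc_config with /etc/krb5.conf, /var/kerberos/krb5kdc/kdc.conf and /var/kerberos/krb5kdc/kadm5.acl before starting krb5kdc and kadmin.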
