Sunday, May 21, 2017

Steps to set up a KDC before installing Kerberos through Ambari on a Hortonworks cluster

ENV

#### OS centos7
#### REALM EXAMPLE.COM (update accordingly)
#### AS and KDC are running on hostname rks253secure.hdp.local (update accordingly)

install required packages

# KDC daemons, client tools and the PAM module (CentOS 7 package names)
yum -y install krb5-server krb5-workstation pam_krb5
# the KDC's configuration, ACL and admin keytab live here (see the paths in kdc.conf below)
cd -- /var/kerberos/krb5kdc

modify the kadmin ACL (kadm5.acl)

cat kadm5.acl 
# any principal whose instance is "admin" (e.g. root/admin) gets every kadmin privilege ("*")
*/admin@EXAMPLE.COM	*

modify the KDC configuration (kdc.conf)

cat kdc.conf 
[kdcdefaults]
 # the KDC listens on UDP and TCP port 88 (both must be reachable from the cluster nodes)
 kdc_ports = 88
 kdc_tcp_ports = 88

[realms]
 EXAMPLE.COM = {
  # left commented out, so the krb5 default master key type applies
  #master_key_type = aes256-cts
  # who may do what through kadmin (contents shown above)
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  # passwords that appear in this word list are rejected when a principal's password is set
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  # NOTE(review): besides AES and Camellia this list also enables 3DES, RC4 (arcfour-hmac)
  # and single DES. Those are weak, and DES keys are not usable by current clients unless
  # allow_weak_crypto is set; trim the list to the AES types unless an old client truly needs more.
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
 }

modify krb5.conf on the node where the Ambari server is running.

cat /etc/krb5.conf

[libdefaults]
  # tickets are valid for 24h and may be renewed for up to 7 days; TGTs are issued forwardable
  renew_lifetime = 7d
  forwardable = true
  default_realm = EXAMPLE.COM
  ticket_lifetime = 24h
  # realm and KDC are taken from the [realms] section below, not from DNS records
  dns_lookup_realm = false
  dns_lookup_kdc = false
  # one credential cache per user under /tmp (%{uid} expands to the numeric user id)
  default_ccache_name = /tmp/krb5cc_%{uid}
  # left commented out: the krb5 default enctype lists apply
  #default_tgs_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5
  #default_tkt_enctypes = aes des3-cbc-sha1 rc4 des-cbc-md5

[logging]
  # log destinations for the KDC and kadmind (only used on the host running them)
  default = FILE:/var/log/krb5kdc.log
  admin_server = FILE:/var/log/kadmind.log
  kdc = FILE:/var/log/krb5kdc.log

[realms]
  EXAMPLE.COM = {
    # both point at the host running the KDC and kadmind (see ENV at the top)
    admin_server = rks253secure.hdp.local
    kdc = rks253secure.hdp.local
  }

create the KDC database

# initialise the realm database (prompts for the master password); -s also writes a
# stash file so the KDC can start unattended -- keep that file readable by root only
kdb5_util -r EXAMPLE.COM create -s

start and enable the Kerberos services

# bring the KDC and the kadmin server up now, and again at every boot
systemctl start krb5kdc.service kadmin.service
systemctl enable krb5kdc.service kadmin.service

create the principal root/admin@EXAMPLE.COM

# kadmin.local
kadmin.local: addprinc root/admin
kadmin.local: quit

test that you can obtain a TGT after supplying the password.

# asks for the root/admin password and, on success, stores a TGT in the credential cache
kinit root/admin@EXAMPLE.COM

now start the ambari-server Enable Kerberos wizard, which will ask you to supply the KDC and AS host names and the REALM to get started

