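4.16. Kerberos Configuration
➢ Answer
• Kerberos configuration
1. Set enable_secure_filesystem to on
2. Set krb_srvname to the name of the keytab user
3. Set krb_server_keyfile to the path of the keytab, and grant permissions on the file
4. Modify hdfs-client.xml to enable Kerberos
5. Modify core-site.xml of the HDFS outside the cluster
• HAWQ parameter configuration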
hawq config -s krb_srvname
hawq config -c krb_srvname -v gpadmin
hawq config -s enable_secure_filesystem
hawq config -c enable_secure_filesystem -v ON
hawq config -s krb_server_keyfile
hawq config -c krb_server_keyfile -v '/home/gpadmin/hawq.keytab'
kadmin.local -q "list_principals"
kadmin.local -q "delprinc gpadmin@EXAMPLE.COM"
kadmin.local -q "addprinc -randkey gpadmin@EXAMPLE.COM"
kadmin.local -q "xst -norandkey -k /root/hawq.keytab gpadmin@EXAMPLE.COM"
• hdfs-client.xml parameter configuration
hadoop.security.authentication = kerberos
hadoop.rpc.protection = privacy
dfs.block.access.token.enable = false
dfs.encrypt.data.transfer = false
dfs.data.transfer.protection = privacy
• core-site.xml parameter configuration
hadoop.rpc.protection = privacy
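
The following check is an added example, not part of the original page or of HAWQ. It parses the two XML files from steps 4 and 5 and reports any property that differs from the values listed above, including a hadoop.rpc.protection value that is not the same in hdfs-client.xml and core-site.xml. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Values this page lists for hdfs-client.xml (HAWQ side).
EXPECTED_CLIENT = {
    "hadoop.security.authentication": "kerberos",
    "hadoop.rpc.protection": "privacy",
    "dfs.block.access.token.enable": "false",
    "dfs.encrypt.data.transfer": "false",
    "dfs.data.transfer.protection": "privacy",
}

def load_props(xml_text):
    """Parse Hadoop-style <configuration> XML into a {name: value} dict."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("property"):
        name = (prop.findtext("name") or "").strip()
        if name:
            props[name] = (prop.findtext("value") or "").strip()
    return props

def check(client_xml, core_site_xml):
    """Return a list of findings; an empty list means the files match the page."""
    client, core = load_props(client_xml), load_props(core_site_xml)
    findings = []
    for name, want in EXPECTED_CLIENT.items():
        got = client.get(name)
        if got is None:
            findings.append(f"hdfs-client.xml: {name} is not set (expected {want})")
        elif got.lower() != want:
            findings.append(f"hdfs-client.xml: {name}={got} (expected {want})")
    # The page sets the same RPC protection level on both sides; flag any difference.
    c_rpc, s_rpc = client.get("hadoop.rpc.protection"), core.get("hadoop.rpc.protection")
    if c_rpc != s_rpc:
        findings.append(f"hadoop.rpc.protection mismatch: client={c_rpc} core-site={s_rpc}")
    return findings

def make_xml(props):
    """Build a constructed sample config file from a dict."""
    body = "".join(f"<property><name>{k}</name><value>{v}</value></property>"
                   for k, v in props.items())
    return f"<configuration>{body}</configuration>"

# Constructed samples: one matching the page, one left at a weaker setting.
GOOD_CLIENT = make_xml(EXPECTED_CLIENT)
GOOD_CORE = make_xml({"hadoop.rpc.protection": "privacy"})
WEAK_CORE = make_xml({"hadoop.rpc.protection": "authentication"})

if __name__ == "__main__":
    for label, core in (("matching", GOOD_CORE), ("mismatched", WEAK_CORE)):
        print(label, check(GOOD_CLIENT, core) or "OK")
```

To run it against real files, pass the contents of hdfs-client.xml and core-site.xml to check() instead of the constructed samples.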