4.16. Kerberos配置

➢ 解答
• Kerberos 配置
1.设置 enable_secure_filesystem 为 on
2.设置 krb_srvname 为 keytab ⽤户的名称
3.设置 krb_server_keyfile 为 keytab 的路径，并赋权
4.修改 hdfs-client.xml 开启 kerberos
5.修改集群外 HDFS 的 core-site.xml
• HAWQ 参数配置
hawq config -s krb_srvname
hawq config -c krb_srvname -v gpadmin
hawq config -s enable_secure_filesystem
hawq config -c enable_secure_filesystem -v ON
hawq config -s krb_server_keyfile hawq config -c krb_server_keyfile -v '/home/gpadmin/hawq.keytab'

kadmin.local -q "list_principals"
kadmin.local -q "delprinc gpadmin@EXAMPLE.COM"
kadmin.local -q "addprinc -randkey gpadmin@EXAMPLE.COM"
kadmin.local -q "xst -norandkey -k /root/hawq.keytab gpadmin@EXAMPLE.COM"
• hdfs-client.xml 参数配置

hadoop.security.authentication
kerberos


hadoop.rpc.protection
privacy


dfs.block.access.token.enable
false


dfs.encrypt.data.transfer
false


dfs.data.transfer.protection
privacy

• core-site.xml 参数配置

hadoop.rpc.protection
privacy