kafka集群认证
1、安装Kerberos(10.10.10.168)
yum install krb5-server krb5-workstation krb5-libs -y 查看版本 klist -V Kerberos 5 version 1.20.1
编辑/etc/hosts
10.10.10.168 ms1 10.10.10.150 ms2 10.10.10.110 ms3
vim /etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
[logging]default = FILE:/var/log/krb5libs.logkdc = FILE:/var/log/krb5kdc.logadmin_server = FILE:/var/log/kadmind.log
[libdefaults]dns_lookup_realm = falseticket_lifetime = 24hrenew_lifetime = 7dforwardable = truerdns = falsepkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crtdefault_realm = LIEBE.COMdefault_ccache_name = KEYRING:persistent:%{uid}
[realms]LIEBE.COM = {kdc = 10.10.10.150admin_server = 10.10.10.150}
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM
vim /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]kdc_ports = 88kdc_tcp_ports = 88
[realms]EXAMPLE.COM = {#master_key_type = aes256-ctsacl_file = /var/kerberos/krb5kdc/kadm5.acldict_file = /usr/share/dict/wordsadmin_keytab = /var/kerberos/krb5kdc/kadm5.keytabsupported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal}
-
配置 kadm5.acl
-
修改权限相关配置文件
vim /var/kerberos/krb5kdc/kadm5.acl 其中前一个号是通配符,表示像名为“abc/admin”或“xxx/admin”的人都可以使用此工具(远程或本地)管理kerberos数据库,后一个跟权限有关,表示所有权限。EXAMPLE.C