Ambari学习笔记-配置Hbase权限（开启Kerberos）_hbase开启kerberos认证

1.在KDC上创建用户

1.1生成随机key的principal：使用keytab文件进行认证

# kadmin admin/admin@CCTEST.DEV
kadminl: addprinc -randkey cctest@CCTEST.DEV    //新建cctest用户
kadmin: xst -k cctest-unmerged.keytab cctest@CCTEST.DEV  //生成cctest的keytab文件

1.2 生成指定key的principa：支持输入密码认证 

kadmin:  addprinc aatest@CCTEST.DEV
WARNING: no policy specified for aatest@CCTEST.DEV; defaulting to no policy
Enter password for principal "aatest@CCTEST.DEV": 
Re-enter password for principal "aatest@CCTEST.DEV": 
Principal "aatest@CCTEST.DEV" created.

1.3 查看用户 

kadmin:  listprincs
aatest@CCTEST.DEV
bbtest@CCTEST.DEV
cctest@CCTEST.DEV

1.4 生成keytab文件

# ktutil
Ktutil:rkt aatest-unmerged.keytab  //添加keytab文件到列表
Ktutil:wkt aatest.keytab    //合并列表生成keytab文件

# klist -kt cctest.keytab 
Keytab name: FILE:cctest.keytab
KVNO Timestamp           Principal
---- ------------------- ------------------------------------------------------
   4 04/28/2019 11:27:15 aatest@CCTEST.DEV
   4 04/28/2019 11:27:15 aatest@CCTEST.DEV
   4 04/28/2019 11:27:15 aatest@CCTEST.DEV
   4 04/28/2019 11:27:15 aatest@CCTEST.DEV
   4 04/28/2019 11:27:15 aatest@CCTEST.DEV
   4 04/28/2019 11:27:15 aatest@CCTEST.DEV
   4 04/28/2019 11:27:15 aatest@CCTEST.DEV
   4 04/28/2019 11:27:15 aatest@CCTEST.DEV

注：keytab文件会生成在当前用户的home目录下

2.在hbase上赋权

用hbase的超级用户

#kinit -kt /etc/security/keytabs/hbase.headless.keytab hbase-cchdp@CCTEST.DEV

#hbase shell
hbase(main):003:0> grant 'aatest','RWXCA'                  //给用户赋权 R W X C A
Took 0.2068 seconds 

3.登录hbase

#kinit -kt aatest.keytab aatest@CCTEST.DEV
hbase(main):005:0>  whoami
aatest@CCTEST.DEV (auth:KERBEROS)
Took 0.0096 seconds