git clone https://github.com/apache/directory-kerby.git
cd directory-kerby
mvn clean install -Pdist -DskipTests
Please look at How to deploy https for details.
An example of has-server.conf:
[HAS]
https_host = localhost
https_port = 8092
filter_auth_type = kerberos

[PLUGIN]
auth_type = MySQL
cd HAS/has-dist
sh bin/start-has.sh <conf_dir> <work_dir>
Alternatively, set the directories through environment variables:
export HAS_CONF_DIR=<conf_dir>
export HAS_WORK_DIR=<work_dir>
cd HAS/has-dist
sh bin/start-has.sh
Root privileges are required if https_port or the KDC port is in the range 0 to 1023.
cd kerby-dist/has-dist
// Remove the proxy setting if it exists
unset https_proxy
// Start HAS init tool
sh bin/has-init.sh <conf_dir>
// Also: sh bin/has-init.sh, if the HAS_CONF_DIR environment variable has been set.
// Plugin_name example: MySQL
HasInitTool: set_plugin <plugin_name>
HasInitTool: exit
For MySQL plugin, please refer to MySQL plugin for details.
For LDAP plugin, please refer to LDAP plugin for details.
cd kerby-dist/has-dist
// Start HAS init tool
sh bin/has-init.sh <conf_dir>
// An example of json backend:
HasInitTool: config_kdcBackend json /tmp/has/jsonbackend
// An example of mysql backend:
HasInitTool: config_kdcBackend mysql jdbc:mysql://127.0.0.1:3306/mysqlbackend root passwd
HasInitTool: exit
For mysql backend, please refer to How to use mysql backend for details.
cd kerby-dist/has-dist
// Start HAS init tool
sh bin/has-init.sh <conf_dir>
// An example of configuring the HAS KDC:
HasInitTool: config_kdc localhost 88 HADOOP.COM
HasInitTool: exit
Please make sure the following configuration files exist in the conf directory:
has-server.conf backend.conf kdc.conf
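A preflight check for the conf directory before starting HAS, added here as an example and not part of the HAS distribution: it verifies the three files listed above and flags an https_port in the 0 to 1023 range when the caller is not root. The function names, output labels and the optional uid argument are assumptions made for this example; only https_port is checked, because the kdc.conf format is not shown on this page.

```shell
#!/bin/sh
# Added example: preflight for a HAS conf directory (not part of the HAS distribution).

# Print KEY from [SECTION] of an INI-style file such as has-server.conf.
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); insec = ($0 == sec); next }
        insec && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);    gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 0 if CONF_DIR is ready for bin/start-has.sh, 1 otherwise.
# The optional uid argument is a hypothetical hook for testing; default is the real uid.
has_preflight() {  # usage: has_preflight CONF_DIR [uid]
    conf_dir=$1; uid=${2:-$(id -u)}; rc=0
    for f in has-server.conf backend.conf kdc.conf; do
        [ -r "$conf_dir/$f" ] || { echo "MISSING $conf_dir/$f"; rc=1; }
    done
    [ -r "$conf_dir/has-server.conf" ] || return 1
    port=$(ini_get "$conf_dir/has-server.conf" HAS https_port)
    case $port in
        # empty, non-numeric, or more than five digits
        ''|*[!0-9]*|??????*) echo "INVALID https_port='$port'"; return 1 ;;
    esac
    if [ "$port" -le 1023 ] && [ "$uid" -ne 0 ]; then
        echo "NEEDS-ROOT https_port=$port is below 1024 and uid is $uid"; rc=1
    fi
    return $rc
}

# Constructed sample: the has-server.conf from this page with a chosen port,
# plus empty placeholder backend.conf and kdc.conf.
make_sample_conf() {  # usage: make_sample_conf DIR PORT
    mkdir -p "$1" && : > "$1/backend.conf" && : > "$1/kdc.conf" &&
    printf '[HAS]\nhttps_host = localhost\nhttps_port = %s\nfilter_auth_type = kerberos\n\n[PLUGIN]\nauth_type = MySQL\n' \
        "$2" > "$1/has-server.conf"
}

# Stand-alone run: sh has_preflight.sh <conf_dir>
if [ "$#" -gt 0 ]; then has_preflight "$1"; fi
```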
cd kerby-dist/has-dist
// Start HAS init tool
sh bin/has-init.sh <conf_dir>
HasInitTool: start
HasInitTool: exit
cd kerby-dist/has-dist
// Start HAS init tool
sh bin/has-init.sh <conf_dir>
HasInitTool: init
HasInitTool: exit
Please look at How to deploy http spnego for details.
Please restart the HAS server:
cd kerby-dist/has-dist
sh bin/stop-has.sh

cd kerby-dist/has-dist
sh bin/start-has.sh <conf_dir> <work_dir>

cd kerby-dist/has-dist
sh bin/has-init.sh <conf_dir>
HasInitTool: start
HasInitTool: exit
cd kerby-dist/has-dist
// Start HAS init tool:
sh bin/has-init.sh <conf_dir>
// Get krb5.conf, and put it to /etc:
HasInitTool: getkrb5 -p /etc
HasInitTool: exit
cd kerby-dist/has-dist
// Start HAS init tool
sh bin/has-init.sh <conf_dir>
// Get has-client.conf, and put it to /etc/has:
HasInitTool: gethas -p /etc/has
HasInitTool: exit
There are two ways to create and deploy the corresponding Hadoop keytabs.
cd kerby-dist/has-dist
cat > hosts.txt <<'EOF'
{
    HOSTS: [
        {"name":"<host>","hostRoles":"<role>,..., <role>"},
        ...
        {"name":"<host>","hostRoles":"<role>,...,<role>"}
    ]
}
EOF
// Start local hadmin tool
sh bin/admin-local.sh <conf_dir> -k <keytab>
// Also: sh bin/admin-local.sh -k <keytab>, if the HAS_CONF_DIR environment variable has been set.
// You can also use the remote admin tool; the admin.keytab file needs to be placed in /etc/has
sh bin/admin-remote.sh <conf_dir>
// Also: sh bin/admin-remote.sh, if the HAS_CONF_DIR environment variable has been set.
admin.local: creprincs hosts.txt
admin.local: exit
The admin.keytab file is created by has-init. In the local and remote admin tools, you can type “?” for help.
// Start local admin tool
sh bin/admin-local.sh <conf_dir> -k <keytab>
// keytab deploy [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]
// Where-to-Deploy: The place to store the keytabs
// UserName: The host user name
// Password: The host password
// All the hosts with the same user and password
admin.local: keytab deploy hosts.txt 22 /etc/has/ username password
admin.local: exit
cd kerby-dist/has-dist
cat > hosts.txt <<'EOF'
{
    HOSTS: [
        {"name":"<host>","hostRoles":"<role>,..., <role>"},
        ...
        {"name":"<host>","hostRoles":"<role>,...,<role>"}
    ]
}
EOF
// Start local admin tool
sh bin/admin-local.sh <conf_dir> -k <keytab>
// keytab create_deploy [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]
// Where-to-Deploy: The place to store the keytabs
// UserName: The host user name
// Password: The host password
// All the hosts with the same user and password
admin.local: keytab create_deploy hosts.txt 22 /etc/has/ username password
admin.local: exit
Note: The admin.keytab file is created by has-init. In the local admin tool, you can type “?” for help.