    git clone https://github.com/apache/directory-kerby.git
    cd directory-kerby
    mvn clean install -Pdist -DskipTests
Please see "How to deploy https" for details.
An example of has-server.conf:
    [HAS]
    https_host = localhost
    https_port = 8092
    filter_auth_type = kerberos

    [PLUGIN]
    auth_type = MySQL

    cd HAS/has-dist
    sh bin/start-has.sh <conf_dir> <work_dir>
Also:
    export HAS_CONF_DIR=<conf_dir>
    export HAS_WORK_DIR=<work_dir>
    cd HAS/has-dist
    sh bin/start-has.sh
Root privileges are required if https_port or the KDC port is in the range 0 to 1023.
    cd kerby-dist/has-dist
    # Remove the proxy setting if it exists
    unset https_proxy
    # Start HAS init tool
    sh bin/has-init.sh <conf_dir>
    # Also: sh bin/has-init.sh, if the HAS_CONF_DIR environment variable has been set.
    # plugin_name example: MySQL
    HasInitTool: set_plugin <plugin_name>
    HasInitTool: exit

    cd kerby-dist/has-dist
    # Start HAS init tool
    sh bin/has-init.sh <conf_dir>
    # An example of json backend:
    HasInitTool: config_kdcBackend json /tmp/has/jsonbackend
    # An example of mysql backend:
    HasInitTool: config_kdcBackend mysql jdbc:mysql://127.0.0.1:3306/mysqlbackend root passwd
    HasInitTool: exit

    cd kerby-dist/has-dist
    # Start HAS init tool
    sh bin/has-init.sh <conf_dir>
    # An example of configuring the HAS KDC:
    HasInitTool: config_kdc localhost 88 HADOOP.COM
    HasInitTool: exit
Please make sure the following configuration files exist in the conf directory: has-server.conf, backend.conf and kdc.conf.
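A preflight check for the two requirements stated above (the three configuration files, and root privileges for ports 0 to 1023), as an added example that is not part of the Kerby project's own scripts. The function names and the temporary sample directory are assumptions; the KDC port is passed as an argument (the value given to config_kdc) rather than read from kdc.conf.

```shell
#!/bin/sh
# Added example: preflight check before starting HAS. Function names are hypothetical.

# conf_get FILE KEY: print the value of "KEY = value" from an INI-style file.
conf_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" 2>/dev/null |
        sed 's/[[:space:]]*$//' | head -n 1
}

# is_privileged_port PORT: true when PORT is a number in 0-1023.
is_privileged_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 1023 ]
}

# missing_conf_files CONF_DIR: print each required file that is absent.
missing_conf_files() {
    for f in has-server.conf backend.conf kdc.conf; do
        [ -f "$1/$f" ] || echo "$f"
    done
}

# needs_root CONF_DIR KDC_PORT: true when https_port or the KDC port is privileged.
needs_root() {
    is_privileged_port "$(conf_get "$1/has-server.conf" https_port)" ||
        is_privileged_port "$2"
}

# preflight CONF_DIR KDC_PORT: report findings; return 0 only when ready to start.
preflight() {
    rc=0
    for f in $(missing_conf_files "$1"); do
        echo "missing: $1/$f"; rc=1
    done
    if needs_root "$1" "$2" && [ "$(id -u)" -ne 0 ]; then
        echo "root privileges required: https_port or KDC port is in 0-1023"; rc=1
    fi
    return "$rc"
}

# Constructed sample: a conf dir holding only the has-server.conf shown earlier.
demo_dir=$(mktemp -d)
printf '[HAS]\nhttps_host = localhost\nhttps_port = 8092\nfilter_auth_type = kerberos\n[PLUGIN]\nauth_type = MySQL\n' > "$demo_dir/has-server.conf"
preflight "$demo_dir" 88 || echo "preflight failed"
```

Against a real deployment, call `preflight <conf_dir> <kdc_port>` and only continue to the start step when it returns 0.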
    cd kerby-dist/has-dist
    # Start HAS init tool
    sh bin/has-init.sh <conf_dir>
    HasInitTool: start
    HasInitTool: exit

    cd kerby-dist/has-dist
    # Start HAS init tool
    sh bin/has-init.sh <conf_dir>
    HasInitTool: init
    HasInitTool: exit
Please see "How to deploy http spnego" for details. Then restart the HAS server:
    cd kerby-dist/has-dist
    sh bin/stop-has.sh

    cd kerby-dist/has-dist
    sh bin/start-has.sh <conf_dir> <work_dir>

    cd kerby-dist/has-dist
    sh bin/has-init.sh <conf_dir>
    HasInitTool: start
    HasInitTool: exit

    cd kerby-dist/has-dist
    # Start HAS init tool:
    sh bin/has-init.sh <conf_dir>
    # Get krb5.conf, and put it to /etc:
    HasInitTool: getkrb5 -p /etc
    HasInitTool: exit

    cd kerby-dist/has-dist
    # Start HAS init tool
    sh bin/has-init.sh <conf_dir>
    # Get has-client.conf, and put it to /etc/has:
    HasInitTool: gethas -p /etc/has
    HasInitTool: exit
There are two ways to create and deploy the corresponding Hadoop keytabs.
    cd kerby-dist/has-dist
    echo { \
        HOSTS: [ \
           {"name":"<host>","hostRoles":"<role>,..., <role>"\}, \
           ...
           {"name":"<host>","hostRoles":"<role>,...,<role>"\} \
        ] \
    \} > hosts.txt
    # Start local hadmin tool
    sh bin/admin-local.sh <conf_dir> -k <keytab>
    # Also: sh bin/admin-local.sh -k <keytab>, if the HAS_CONF_DIR environment variable has been set.
    # You can also use the remote admin tool; the admin.keytab file needs to be placed in /etc/has
    sh bin/admin-remote.sh <conf_dir>
    # Also: sh bin/admin-remote.sh, if the HAS_CONF_DIR environment variable has been set.
    HadminLocalTool.local: creprincs hosts.txt
    HadminLocalTool.local: exit
The admin.keytab file is created by kdcinit. In the local and remote hadmin tools, you can type “?” for help.
    cd kerby-dist/has-dist
    # Start the local hadmin tool (or the remote one: sh bin/admin-remote.sh <conf_dir>)
    sh bin/admin-local.sh <conf_dir> -k <keytab>
    HadminLocalTool.local: hostroles
    HadminLocalTool.local: exit

    cd kerby-dist/has-dist
    # Start the local hadmin tool (or the remote one: sh bin/admin-remote.sh <conf_dir>)
    sh bin/admin-local.sh <conf_dir> -k <keytab>
    # An example of exporting keytabs of localhost (hostname):
    HadminLocalTool.local: expkeytabs localhost
    HadminLocalTool.local: exit

    cd kerby-dist/has-dist
    echo { \
        HOSTS: [ \
           {"name":"<host>","hostRoles":"<role>,..., <role>"\}, \
           ...
           {"name":"<host>","hostRoles":"<role>,...,<role>"\} \
        ] \
    \} > hosts.txt
    # Start local hadmin tool
    sh bin/admin-local.sh <conf_dir> -k <keytab>
    # deploy_keytabs [HostRoles-File] [Where-to-Deploy] [SSH-Port] [UserName] [Password]
    # Where-to-Deploy: The place to store the keytabs
    # UserName: The host user name
    # Password: The host password
    # All the hosts with the same user and password
    HadminLocalTool.local: deploy_keytabs hosts.txt 22 /etc/has/ username password
    HadminLocalTool.local: exit
Note: The admin.keytab file is created by has-init. In the local hadmin tool, you can type “?” for help.