Data transfer between two Kerberos secured clusters

I am trying to transfer data between two secured Kerberos clusters. I am facing the issue that I have no config change access to the source cluster, so I need to change everything on the destination cluster. Is there any way that I can set up a trust realm between both clusters without editing any config on the source cluster?

If you are using distcp, then you will have to make sure the KDCs of both clusters know each other, by editing krb5.conf to add [realms] and [domain_realm] entries on each cluster so that it knows about the other cluster, as follows:

[realms]
        <CLUSTER2_REALM> = {
                kdc = <cluster2_server_kdc_host>:88
                admin_server = <cluster2_server_kdc_host>:749
                default_domain = <cluster2_host>
        }
[domain_realm]
        Cluster2_NN1 = CLUSTER2_REALM
        Cluster2_NN2 = CLUSTER2_REALM

Similarly on cluster2 as well, with CLUSTER1 details.

Then you need to create principals on both the clusters:

addprinc -e "aes128-cts-hmac-sha1-96:normal aes256-cts-hmac-sha1-96:normal" krbtgt/<CLUSTER1_REALM>@<CLUSTER2_REALM>

modprinc -maxrenewlife <n>day krbtgt/<CLUSTER1_REALM>@<CLUSTER2_REALM>

The below properties need to be set for hadoop.security.auth_to_local:

In Cluster1:
RULE:[1:$1@$0](.*@\Q<CLUSTER2_REALM>\E$)s/@\Q<CLUSTER2_REALM>\E$//
RULE:[2:$1@$0](.*@\Q<CLUSTER2_REALM>\E$)s/@\Q<CLUSTER2_REALM>\E$//
In Cluster2:
RULE:[1:$1@$0](.*@\Q<CLUSTER1_REALM>\E$)s/@\Q<CLUSTER1_REALM>\E$//
RULE:[2:$1@$0](.*@\Q<CLUSTER1_REALM>\E$)s/@\Q<CLUSTER1_REALM>\E$//

Restart kdc

/etc/init.d/krb5kdc stop
/etc/init.d/kadmin stop
/etc/init.d/krb5kdc start
/etc/init.d/kadmin start

Failover or Restart Namenodes
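
To see what the Cluster1 auth_to_local rules above do to incoming principals, here is an added example (not part of the original answer, and not Hadoop's own code) that evaluates the two rules in Python. The realm `CLUSTER2.EXAMPLE.COM`, the sample principals and the helper names are constructed assumptions; Java's `\Q...\E` quoting is translated to `re.escape` because Python's `re` does not support it.

```python
import re

# Constructed realm name standing in for the <CLUSTER2_REALM> placeholder.
REMOTE_REALM = "CLUSTER2.EXAMPLE.COM"
# The two Cluster1 rules from the answer, with the placeholder filled in.
RULES = [r"RULE:[%d:$1@$0](.*@\Q%s\E$)s/@\Q%s\E$//" % (n, REMOTE_REALM, REMOTE_REALM)
         for n in (1, 2)]

# RULE:[<components>:<format>](<filter regex>)s/<from>/<to>/[g]
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\](?:\(([^)]*)\))?(?:s/([^/]*)/([^/]*)/(g)?)?$")

def _py_regex(java_regex):
    # Translate Java's \Q...\E literal quoting into an escaped literal.
    return re.sub(r"\\Q(.*?)\\E", lambda m: re.escape(m.group(1)), java_regex)

def apply_rule(rule, principal):
    """Return the short name the rule yields, or None if it does not apply."""
    n, fmt, match, frm, to, repeat = RULE_RE.match(rule).groups()
    name, _, realm = principal.partition("@")
    parts = [realm] + name.split("/")          # $0 = realm, $1.. = components
    if len(parts) - 1 != int(n):
        return None                            # wrong number of components
    base = re.sub(r"\$(\d)", lambda m: parts[int(m.group(1))], fmt)
    if match and not re.fullmatch(_py_regex(match), base):
        return None                            # filter regex rejected it
    if frm is None:
        return base
    return re.sub(_py_regex(frm), to, base, count=0 if repeat else 1)

def short_name(principal, rules=RULES):
    """First applicable rule wins; None means no rule in this list applied."""
    for rule in rules:
        result = apply_rule(rule, principal)
        if result is not None:
            return result
    return None

if __name__ == "__main__":
    for p in ("alice@CLUSTER2.EXAMPLE.COM",                          # user principal
              "hdfs/nn1.cluster2.example.com@CLUSTER2.EXAMPLE.COM",  # service principal
              "alice@CLUSTER1.EXAMPLE.COM",                          # local realm
              "alice@CLUSTER2xEXAMPLE.COM"):                         # dot is literal
        print(p, "->", short_name(p))
```

Note that the `[2:...]` rule reduces a remote service principal such as `hdfs/<host>@<CLUSTER2_REALM>` to the local short name `hdfs`, so review which remote principals these rules will map onto privileged local users.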
