环境依赖
zookeeper认证配置
kadmin.local -q "addprinc -randkey zookeeper/bigdata-05@HADOOP.COM"
kadmin.local -q "addprinc -randkey zookeeper/bigdata-01@HADOOP.COM"
kadmin.local -q "addprinc -randkey zookeeper/data01@HADOOP.COM"
kadmin.local -q "listprincs" 验证添加用户信息
kadmin.local -q "xst -k /root/keytabs/kerberos/zookeeper.keytab zookeeper/bigdata-05@HADOOP.COM"
kadmin.local -q "xst -k /root/keytabs/kerberos/zookeeper.keytab zookeeper/bigdata-01@HADOOP.COM"
kadmin.local -q "xst -k /root/keytabs/kerberos/zookeeper.keytab zookeeper/data01@HADOOP.COM"
klist -kt /root/keytabs/kerberos/zookeeper.keytab
Server{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/security/keytabs/zookeeper.keytab"
principal="zookeeper/bigdata-05@HADOOP.COM"
userTicketCache=false;
};
Client{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab="/etc/security/keytabs/zookeeper.keytab"
principal="zookeeper/bigdata-05@HADOOP.COM"
userTicketCache=false;
};
authProvider.1=org.apache.zookeeper.server.auth.SASLAuthenticationProvider
requireClientAuthScheme=sasl
jaasLoginRenew=3600000
etc/java.env
export JVMFLAGS="-Djava.security.auth.login.config=/etc/security/keytabs/zooke
eper.jaas -Djava.security.krb5.conf=/etc/krb5.conf"
bin/zkServer.sh start
kafka认证配置
kadmin.local -q "addprinc -randkey kafka/bigdata-03@HADOOP.COM"
kadmin.local -q "addprinc -randkey kafka/bigdata-05@HADOOP.COM"
kadmin.local -q "listprincs" 验证添加用户信息
kadmin.local -q "xst -k /root/keytabs/kerberos/kafka.keytab kafka/bigdata-03@HADOOP.COM"
kadmin.local -q "xst -k /root/keytabs/kerberos/kafka.keytab kafka/bigdata-05@HADOOP.COM"
klist -kt /root/keytabs/kerberos/kafka.keytab
KafkaServer{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
serviceName="kafka"
keyTab="/etc/security/keytabs/kafka.keytab"
principal="kafka/bigdata-03@HADOOP.COM";
};
KafkaServer{
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
serviceName="kafka"
keyTab="/etc/security/keytabs/kafka.keytab"
principal="kafka/bigdata-03@HADOOP.COM";
};
listeners=SASL_PLAINTEXT://192.168.199.102:9098
advertised.listeners=SASL_PLAINTEXT://192.168.199.102:9098
security.inter.broker.protocol=SASL_PLAINTEXT
sasl.mechanism.inter.broker.protocol=GSSAPI
sasl.enabled.mechanisms=GSSAPI
sasl.kerberos.service.name=kafka //需要跟principal的名称相同
export KAFKA_OPTS="-Dzookeeper.sasl.client=true -
Dzookeeper.sasl.client.username=zookeeper -
Djava.security.krb5.conf=/etc/krb5.conf -
Djava.security.auth.login.
config=/etc/security/keytabs/kafka.jaas"
kafka-client-jaas.conf:
KafkaClient {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
keyTab="/etc/security/keytabs/kafka.keytab"
storeKey=true
useTicketCache=false
principal="kafka/bigdata-03@HADOOP.COM";
};
kafka_client.properties:
security.protocol=SASL_PLAINTEXT
sasl.mechanism=GSSAPI
sasl.kerberos.service.name=kafka //需要跟principal的名称相同
export KAFKA_OPTS="-Djava.security.krb5.conf=/etc/krb5.conf -
Djava.security.auth.login.config=/etc/security/keytabs/kafka-client-jaas.conf"
./kafka-topics.sh --list --bootstrap-server 192.168.199.102:9098 --command-config
/etc/security/keytabs/kafka_client.properties
文章版权归作者所有,未经允许请勿转载,若此文章存在违规行为,您可以联系管理员删除。
转载请注明本文地址:https://www.ucloud.cn/yun/129095.html
摘要:相关文章从到学习介绍从到学习上搭建环境并构建运行简单程序入门从到学习配置文件详解从到学习介绍从到学习如何自定义从到学习介绍从到学习如何自定义 showImg(https://segmentfault.com/img/remote/1460000016930071?w=1920&h=1275); 前面文章我们已经知道 Flink 是什么东西了,安装好 Flink 后,我们再来看下安装路径...
阅读 3732·2023-01-11 11:02
阅读 4242·2023-01-11 11:02
阅读 3048·2023-01-11 11:02
阅读 5178·2023-01-11 11:02
阅读 4731·2023-01-11 11:02
阅读 5532·2023-01-11 11:02
阅读 5311·2023-01-11 11:02
阅读 3985·2023-01-11 11:02