????3??#vim /var/kerberos/krb5kdc/kadm5.acl
??????????????????????Щ????????kadmin??????????kerberos?????????????????У?
????*/admin@MH.COM *
????????????*??????????????????“abc/admin”??“xxx/admin”????????????????????????????kerberos??????????*??????й??*???????????????????и?????????μ?ACL??
????4??#kdb5_util create -s
????????????kerberos?????
????5??????????????????????kadmin???????????????У??????????????????????????????????????????е???????kadmin.local????????????????????kerberos server????У???????oracle?е?sys???????????????
????#kadmin.local -q "addprinc admin/admin"
?????????????????“admin/admin”?????????κ??????????????????????kadm5.acl?е???????????????/admin??β???????л???????????????????????????????????????????kadmin?????????????
???????
????#service krb5kdc start
????#service kadmin start
????#chkconfig krb5kdc on
????#chkconfig kadmin on
???????
????#kinit admin/admin
???????kinit?????????????????????????????????????root?????????????root??kerberos????????в???У????????????
????#klist
????????????????
????Ticket cache: FILE:/tmp/krb5cc_0
????Default principal: admin/admin@MH.COM
????Valid starting     Expires            Service principal
????04/10/15 13:03:36  04/11/15 13:03:36  krbtgt/MH.COM@MH.COM
????renew until 04/10/15 13:03:36
????????????????ò????????????????й??ktadd??????“????”д???????.keytab??????????????keytab??????粻????????д??/etc/krb5.keytab
????kadmin.local: ktadd kadmin/admin
????kadmin.local: ktadd kadmin/changepw
?????????Щ????
????#kdestroy????????kerberos?????????????kinit??????????
????kadmin.local>listprincs ?г????д?????????е???????
????kadmin.local>delprinc zookeeper/kbhbase1.mh.com@MH.COM ?????????
????kadmin.local>addprinc admin/admin ?????????
????kadmin.local>q ???kadmin
????kadmin:  addprinc -randkey root/kbhbase1.mh@MH.COM
????kadmin:  xst -k root.keytab root/kbhbase1.mh.com
????# klist -kt root.keytab ?г????keytab?б??????????????
????????????????????kinit??????????????ζ?????????????????????????keytab????????????????????????????????????????У???????????????keytab????????ζ?????????
????kerberos client????
??????????????kbhbase1?????????????????kerberos ????????kerberos???????????????????????????????????????ntp???????????????????????????????£????????ntp??? #yum install krb5-libs krb5-workstation ?????kerberos server???yum???????????????server???krb5.conf????????????????????ɡ????
????kb1??kbhbase1??/etc/hosts???????????????????????
?????????????server???????
????#service iptables stop
????#chkconfig iptables off
????????server??????????kinit??klist?????????????????kadmin??????????admin/admin?????????????????????????????????????????????????????????????????????в?????????????????????????