Offline installation of Kerberos

Mango | 1 year ago | Technical articles | 2254

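First, download the rpm packages required by the Kerberos client.
Search for the following 3 rpm packages on https://pkgs.org/:
libkadm5
krb5-libs
krb5-workstation
(There is also a krb5-server package, which is installed on the server side; since only the client is being installed this time, it is not needed.)
krb5-server (server-side installation)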
./krb5-server-1.15.1-55.el7_9.x86_64.rpm
./krb5-libs-1.15.1-55.el7_9.x86_64.rpm
./krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
./libkadm5-1.15.1-55.el7_9.x86_64.rpm
./libevent-2.0.21-4.el7.x86_64.rpm
./libverto-libevent-0.2.5-4.el7.x86_64.rpm
Installation order:
rpm -Uvh krb5-libs-1.15.1-55.el7_9.x86_64.rpm
rpm -ivh libkadm5-1.15.1-55.el7_9.x86_64.rpm
rpm -ivh libevent-2.0.21-4.el7.x86_64.rpm
rpm -ivh libverto-libevent-0.2.5-4.el7.x86_64.rpm
rpm -ivh krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
rpm -ivh words-3.0-22.el7.noarch.rpm
To install the server, run rpm -ivh krb5-server-1.15.1-55.el7_9.x86_64.rpm
P.S.
./base/packages/libevent-2.0.21-4.el7.x86_64.rpm
./base/packages/libverto-libevent-0.2.5-4.el7.x86_64.rpm
./base/packages/words-3.0-22.el7.noarch.rpm
./updates/packages/krb5-libs-1.15.1-55.el7_9.x86_64.rpm
./updates/packages/krb5-server-1.15.1-55.el7_9.x86_64.rpm
./updates/packages/krb5-workstation-1.15.1-55.el7_9.x86_64.rpm
./updates/packages/libkadm5-1.15.1-55.el7_9.x86_64.rpm


http://mirror.centos.org/centos/7/os/x86_64/Packages/libkadm5-1.15.1-50.el7.x86_64.rpm
http://mirror.centos.org/centos/7/os/x86_64/Packages/krb5-libs-1.15.1-50.el7.x86_64.rpm
http://mirror.centos.org/centos/7/os/x86_64/Packages/krb5-workstation-1.15.1-50.el7.x86_64.rpm
http://mirror.centos.org/centos/7/os/x86_64/Packages/krb5-server-1.15.1-50.el7.x86_64.rpm
Install the rpm packages
rpm -ivh <libkadm5 rpm file name>
rpm -ivh <krb5-libs rpm file name>
rpm -ivh <krb5-workstation rpm file name>
Note:
krb5-server-1.15.1-50.el7.x86_64.rpm
The following must be configured before starting krb5kdc:
/etc/krb5.conf
# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
default_realm = HADOOP.COM
[realms]
HADOOP.COM = {
  kdc = 172.16.121.147
  admin_server = 172.16.121.147
}
[domain_realm]
.hadoop.com = HADOOP.COM
hadoop.com =  HADOOP.COM
Edit the server-side configuration file kdc.conf
vim /var/kerberos/krb5kdc/kdc.conf
[kdcdefaults]
kdc_ports = 88
kdc_tcp_ports = 88
[realms]
 HADOOP.COM = {
  #master_key_type = aes256-cts
  acl_file = /var/kerberos/krb5kdc/kadm5.acl
  dict_file = /usr/share/dict/words
  admin_keytab = /var/kerberos/krb5kdc/kadm5.keytab
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
}
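An added example, not part of the original post: a shell check that lists the single-DES, 3DES and RC4 entries in a kdc.conf supported_enctypes line (deprecated by RFC 6649 and RFC 8429) so they can be trimmed from the list. The function names and sample_conf are hypothetical; the sample stanza is constructed from the kdc.conf shown above.

```shell
#!/bin/sh
# Added example (not from the original post). Lists deprecated enctypes in a
# kdc.conf supported_enctypes line: single DES (RFC 6649), 3DES and RC4
# (RFC 8429). Function names are hypothetical.

# Print each weak enctype, without its ":salt" suffix, one per line.
weak_enctypes() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        /^[ \t]*supported_enctypes[ \t]*=/ {
            sub(/^[^=]*=/, "")                   # keep only the value
            n = split($0, items, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                split(items[i], parts, ":")      # "enctype:salt" -> enctype
                e = parts[1]
                if (e ~ /^(des|des3|rc4|arcfour)-/ || e ~ /^(des|des3|rc4)$/)
                    print e
            }
        }' "$1"
}

# Exit status 0 when no weak enctype is configured, 1 otherwise.
audit_kdc_conf() {
    found=$(weak_enctypes "$1")
    [ -z "$found" ] && return 0
    # $found is left unquoted on purpose so the names print on one line.
    echo "weak enctypes in $1:" $found >&2
    return 1
}

# Constructed sample: the [realms] stanza from the kdc.conf shown above.
sample_conf() {
    cat <<'EOF'
[realms]
 HADOOP.COM = {
  supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
 }
EOF
}

# Usage on a KDC: audit_kdc_conf /var/kerberos/krb5kdc/kdc.conf
```

supported_enctypes only affects keys generated after the change, so run the check before kdb5_util create and addprinc.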
Configuration phase
Create the Kerberos database
[root@hdp01 ~]# kdb5_util create -s -r HADOOP.COM
Loading random data
Initializing database '/var/kerberos/krb5kdc/principal' for realm 'HADOOP.COM',
master key name 'K/M@HADOOP.COM'
You will be prompted for the database Master Password.
It is important that you NOT FORGET this password.
Enter KDC database master key:
Re-enter KDC database master key to verify:
(123456)
[root@hdp01 ~]#
Create the administrator admin
[root@hdp01 ~]# kadmin.local -q "addprinc admin/admin"
Authenticating as principal root/admin@HADOOP.COM with password.
WARNING: no policy specified for admin/admin@HADOOP.COM; defaulting to no policy
Enter password for principal "admin/admin@HADOOP.COM":
Re-enter password for principal "admin/admin@HADOOP.COM":
Principal "admin/admin@HADOOP.COM" created.
(123456)
[root@hdp01 ~]#
Grant ACL permissions to the administrator account
[root@hdp01 ~]# cat /var/kerberos/krb5kdc/kadm5.acl
*/admin@HADOOP.COM      * 

