kerberos

 

https://www.freesion.com/article/25221275844/

 

https://www.jianshu.com/p/032cc462bbca

 

https://www.cnblogs.com/bainianminguo/p/12548175.html

 

https://blog.csdn.net/a118170653/article/details/43448155

kafka

https://blog.csdn.net/huanqingdong/article/details/84979110

 

https://www.cnblogs.com/yjt1993/p/13674183.html

 

https://www.orchome.com/1944

 

https://blog.csdn.net/lxyygiuh/article/details/111871144

 

https://blog.csdn.net/u012806692/article/details/86504701

 

https://www.orchome.com/500

 

klist -t -e -k /var/kerberos/krb5kdc/kafka.keytab

 

[root@hadoop140 krb5kdc]# klist -t -e -k kafka.keytab
Keytab name: FILE:kafka.keytab
KVNO Timestamp Principal
---- ------------------- ------------------------------------------------------
1 2022-01-17T14:08:11 kafka/hadoop@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
1 2022-01-17T14:08:11 kafka/hadoop@EXAMPLE.COM (aes128-cts-hmac-sha1-96)
1 2022-01-17T14:08:11 kafka/hadoop@EXAMPLE.COM (des3-cbc-sha1)
1 2022-01-17T14:08:11 kafka/hadoop@EXAMPLE.COM (arcfour-hmac)
1 2022-01-17T14:08:11 kafka/hadoop@EXAMPLE.COM (camellia256-cts-cmac)
1 2022-01-17T14:08:11 kafka/hadoop@EXAMPLE.COM (camellia128-cts-cmac)
1 2022-01-17T14:08:11 kafka/hadoop@EXAMPLE.COM (des-hmac-sha1)
1 2022-01-17T14:08:11 kafka/hadoop@EXAMPLE.COM (des-cbc-md5)
1 2022-01-17T14:14:46 kafka/hadoop140@EXAMPLE.COM (aes256-cts-hmac-sha1-96)
1 2022-01-17T14:14:46 kafka/hadoop140@EXAMPLE.COM (aes128-cts-hmac-sha1-96)
1 2022-01-17T14:14:46 kafka/hadoop140@EXAMPLE.COM (des3-cbc-sha1)
1 2022-01-17T14:14:46 kafka/hadoop140@EXAMPLE.COM (arcfour-hmac)
1 2022-01-17T14:14:46 kafka/hadoop140@EXAMPLE.COM (camellia256-cts-cmac)
1 2022-01-17T14:14:46 kafka/hadoop140@EXAMPLE.COM (camellia128-cts-cmac)
1 2022-01-17T14:14:46 kafka/hadoop140@EXAMPLE.COM (des-hmac-sha1)
1 2022-01-17T14:14:46 kafka/hadoop140@EXAMPLE.COM (des-cbc-md5)

Cluster installation:

https://blog.csdn.net/csq2002/article/details/84800760

addAcl /mynode sasl:zookeeper/computer9@HADOOP.COM:cdrwa (sets the node's permissions)

 

https://www.cnblogs.com/bugzeroman/p/12858256.html

 

https://www.jianshu.com/p/ca78a43ec107

 

zookeeper:

https://blog.csdn.net/m0_37911384/article/details/90406058

 

https://www.jianshu.com/p/23c08900f44e

 

export JVMFLAGS="-Djava.security.auth.login.config=/opt/zookeeper/conf/jaas.conf -Dzookeeper.allowSaslFailedClients=false"


https://blog.51cto.com/1992zhong/1958018
Solution: connect using zkCli.sh -server host:port. In addition, the principal in the server section of the ZooKeeper configuration file must be zookeeper/<hostname>@<your realm>


GitHub - shafiquejamal/kafka-zookeeper-kerberos:

 

https://article.itxueyuan.com/ylgo9Q

# Clients must authenticate with SASL
sessionRequireClientSASLAuth=true

Server {
   com.sun.security.auth.module.Krb5LoginModule required
   useKeyTab=true
   keyTab="/home/hadoop/app/apache-zookeeper-3.6.3-bin/conf/zk-server.keytab"
   storeKey=true
   useTicketCache=false
   // On each host, change this to that host's own hostname
   principal="zk-server/pxc1@ABC.COM";
};
posted @ 2022-01-15 22:11  kpwong