Authentication in the Shell
If authentication is successful, we will receive a ticket-granding ticket (TGT) from the KDC. This means that we have authenticated with the server, but we have not yet received permission to access any service.
Browse ticket cache To verify that we have received the TGT
Result: Valid starting expires Service Principal 08/13/18 12:39:45 08/13/18 22:39:59 krbtgt/REINO.COM@REINO.COM Renew until 08/20/18 12:39:45
Creating keytab on the server:
1. Access the Ktutils service
2. Execute the following commands that discharge the most used encodings
add_entry -password -p user_name@REINO.COM -k 1 -e aes256-cts-hmac-sha1-96 add_entry -password -p user_name@REINO.COM -k 1 -e aes128-cts-hmac-sha1-96 wkt /home/keytab_name.keytab
Copy the generated keytab to the local server
scp user_name@:server_cluster_name/home/keytab_name.keytab /home
Increase permissions to avoid problems
chmod 777 keytab_name.keytab
Finally move the generated keytab to the server where you want to authenticate the service, depending on the service is necessary to further copy certain configuration files of the following:
- Core-site. XML: Describes the format and configuration for the core.
- HDFS-Site. XML: Describes the format and configuration for HDFS
- YARN-Site. XML: Describes the format and configuration for YAR.
- krb5. conf: Describes the format and settings for the Kerberos V5 library.
- KDC. conf: Describes the format and configuration for Kerberos V5 AS and KDC.