diff --git a/kerberos/README.md b/kerberos/README.md
new file mode 100644
index 0000000..e6dc98e
--- /dev/null
+++ b/kerberos/README.md
@@ -0,0 +1,21 @@
+
+
+## 编译
+
+```bash
+docker build -t zeekling/kerberos ./
+```
+
+## 启动
+
+```bash
+docker run -d --name=kerberos zeekling/kerberos
+```
+
+## 安装依赖
+
+```bash
+apt install krb5-user
+```
+
+
diff --git a/kerberos/client/krb5.conf b/kerberos/client/krb5.conf
index 95071ff..27bdc46 100644
--- a/kerberos/client/krb5.conf
+++ b/kerberos/client/krb5.conf
@@ -4,7 +4,7 @@ kdc = FILE:/var/log/krb5kdc.log
 admin_server = FILE:/var/log/kadmind.log
 [libdefaults]
-default_realm = TEST.COM
+default_realm = TEST.HADOOP.COM
 dns_lookup_realm = false
 dns_lookup_kdc = false
 ticket_lifetime = 24h
@@ -12,7 +12,7 @@ renew_lifetime = 7d
 forwardable = true
 [realms]
-TEST.COM = {
+TEST.HADOOP.COM = {
 kdc = krb5-kdc-server:88
 admin_server = krb5-kdc-server
 }
diff --git a/kerberos/server/kadm5.acl b/kerberos/server/kadm5.acl
index e712aa5..a6c9f2c 100644
--- a/kerberos/server/kadm5.acl
+++ b/kerberos/server/kadm5.acl
@@ -1 +1 @@
-*/admin@TEST.COM *
+*/admin@TEST.HADOOP.COM *
diff --git a/kerberos/server/krb5.conf b/kerberos/server/krb5.conf
index 2067290..288d8c2 100644
--- a/kerberos/server/krb5.conf
+++ b/kerberos/server/krb5.conf
@@ -3,12 +3,12 @@ kdc_ports = 88
 kdc_tcp_ports = 88
 [realms]
-TEST.COM = {
- #master_key_type = aes256-cts
+TEST.HADOOP.COM = {
+ master_key_type = aes256-cts
 acl_file = /etc/krb5kdc/kadm5.acl
 dict_file = /usr/share/dict/words
 admin_keytab = /var/krb5kdc/kadm5.keytab
 max_renewable_life = 7d 0h 0m 0s
- supported_enctypes = aes256-cts:normal aes128-cts:normal des3-hmac-sha1:normal arcfour-hmac:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal
+ supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal des3-cbc-sha1:normal arcfour-hmac-md5:normal aes128-cts aes256-cts
 }
diff --git a/kerberos/start.sh b/kerberos/start.sh
index 64d715f..e614a69 100755
--- a/kerberos/start.sh
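Review bot: The new `supported_enctypes` line in kerberos/server/krb5.conf still lists `des3-cbc-sha1:normal` and `arcfour-hmac-md5:normal`, both deprecated for Kerberos by RFC 8429, so principals created through kadmin in this realm keep getting keys of those types. The trailing `aes128-cts aes256-cts` entries carry no salt type and are aliases of the first two entries, so they look redundant. Dropping the single-DES types is the right direction; I would finish it with `supported_enctypes = aes256-cts-hmac-sha1-96:normal aes128-cts-hmac-sha1-96:normal`. If some client really needs RC4 or 3DES, a comment on that line naming the client would make the exception visible.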
+++ b/kerberos/start.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-FQDN="test.com"
+FQDN="test.hadoop.com"
 ADMIN="admin"
 PASS="Admin12!"
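Review bot: `PASS="Admin12!"`, two lines below the renamed `FQDN`, keeps a fixed password in the repository; judging by the neighbouring `ADMIN="admin"` it is presumably the password of the realm's admin principal, which `kadm5.acl` in this commit grants every privilege (`*/admin@TEST.HADOOP.COM *`). Every image built from this tree would then share that credential. I would read it from the container environment and fail when it is missing, e.g. `PASS="${KRB5_ADMIN_PASS:?KRB5_ADMIN_PASS must be set}"` (the variable name is only a suggestion), and mention the matching `docker run -e` option in the new README. The rest of start.sh lies outside this hunk, so how `PASS` is consumed is not visible here.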