ksetup /AddKdc DMM.KRB.ZZZ.COM server2.unx.zzz.com
ksetup /AddHostToRealmMap dladtest1.vapps.zzz.com DMM.KRB.SAS.COM
$ kadmin -p user2/admin -kt /opt/keytabs/admin/user2.dmm.keytab
kadmin: addprinc -randkey +ok_as_delegate host/dladtest1.vapps.zzz.com
kadmin: ktadd -k $hostname/host.dladtest1.keytab host/dladtest1.vapps.zzz.com
kadmin: addprinc -randkey +ok_as_delegate SAS/dladtest1.vapps.zzz.com
kadmin: ktadd -k $hostname/SAS.dladtest1.keytab SAS/dladtest1.vapps.zzz.com
kadmin: addprinc -randkey +ok_as_delegate HTTP/dladtest1.vapps.zzz.com
kadmin: ktadd -k $hostname/HTTP.dladtest1.keytab HTTP/dladtest1.vapps.zzz.com
ok_as_delegate flag to allow ticket delegation in the mid-tier.
dladtest1:
> setspn -A host/dladtest1.vapps.zzz.com HTTP_dladtest1
> setspn -A SAS/dladtest1.vapps.zzz.com SAS_dladtest1
> setspn -A HTTP/dladtest1.vapps.zzz.com host_dladtest1
dladtest1.vapps.zzz.com, PROXY.KRB.ZZZ.COM, Psword, and -k 2 -e arcfour-hmac are used for these values:
ktutil
ktutil: addent -password -p host/dladtest1.vapps.zzz.com@PROXY.KRB.ZZZ.COM -k 2 -e arcfour-hmac
Psword for host/dladtest1.vapps.zzz.com@PROXY.KRB.ZZZ.COM :
ktutil: addent -password -p host/dladtest1.vapps.zzz.com@PROXY.KRB.ZZZ.COM -k 2 -e aes128-cts-hmac-sha1-96
Psword for host/dladtest1.host.zzz.com@PROXY.KRB.ZZZ.COM :
ktutil: addent -password -p host/dladtest1.vapps.zzz.com@PROXY.KRB.ZZZ.COM -k 2 -e aes256-cts-hmac-sha1-96
Psword for host/dladtest1.vapps.zzz.com@PROXY.KRB.ZZZ.COM :
ktutil: wkt host.dladtest1.keytab
ktutil: quit
dladtest1.vapps.zzz.com, NA.ZZZ.COM, and Psword are used for these values:
ktpass.exe -princ host/dladtest1.vapps.zzz.com@NA.ZZZ.COM -mapUser Server\dladtest1-host -pass "Psword" -pType KRB5_NT_PRINCIPAL -out dladtest1-host.keytab -crypto All
* hive.server2.enable.doAs = true
RULE:[1:$1@$0](.*@\QAD_DOMAIN_REALM\E$)s/@\QAD_DOMAIN_REALM\E$//
RULE:[2:$1@$0](.*@\QAD_DOMAIN_REALM\E$)s/@\QAD_DOMAIN_REALM\E$//
RULE:[1:$1@$0](.*@\QMIT_DOMAIN_REALM\E$)s/@\QMIT_DOMAIN_REALM\E$//
RULE:[2:$1@$0](.*@\QMIT_DOMAIN_REALM\E$)s/@\QMIT_DOMAIN_REALM\E$//
DEFAULT
* hadoop.proxyuser.HTTP.hosts = *
* hadoop.proxyuser.HTTP.groups = *
* hadoop.proxyuser.hive.groups = *
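How the RULE lines above turn Kerberos principals into short names, as an added example that is not from the original page. The evaluator is a simplified re-implementation of Hadoop's first-match rule semantics written for illustration; the realm names, the default realm and the sample principals are constructed assumptions.

```python
import re

# Constructed realm names standing in for AD_DOMAIN_REALM and MIT_DOMAIN_REALM.
AD_REALM, MIT_REALM = "AD.EXAMPLE.COM", "MIT.EXAMPLE.COM"
TEMPLATE = r"RULE:[{n}:$1@$0](.*@\Q{realm}\E$)s/@\Q{realm}\E$//"
RULES = [TEMPLATE.format(n=n, realm=r) for r in (AD_REALM, MIT_REALM) for n in (1, 2)]
RULES.append("DEFAULT")

# RULE:[<component count>:<format>](<match regex>)s/<pattern>/<replacement>/[g]
RULE_RE = re.compile(r"RULE:\[(\d+):([^\]]*)\]\((.*?)\)s/(.*?)/(.*?)/(g?)$")

def java_re(pattern):
    """Python's re has no \\Q...\\E literal quoting; emulate it with re.escape."""
    return re.sub(r"\\Q(.*?)\\E", lambda m: re.escape(m.group(1)), pattern)

def short_name(principal, rules, default_realm):
    """Return the short name chosen by the first rule that applies."""
    name, _, realm = principal.partition("@")
    comps = name.split("/")
    params = [realm] + comps              # $0 = realm, $1 = first component, ...
    for rule in rules:
        if rule == "DEFAULT":             # only applies inside the default realm
            if realm == default_realm:
                return comps[0]
            continue
        n, fmt, match, pat, repl, g = RULE_RE.match(rule).groups()
        if int(n) != len(comps):          # rule is for another component count
            continue
        base = re.sub(r"\$(\d)", lambda m: params[int(m.group(1))], fmt)
        if not re.fullmatch(java_re(match), base):
            continue                      # realm filter did not match
        return re.sub(java_re(pat), repl, base, count=0 if g else 1)
    raise ValueError("no auth_to_local rule applies to " + principal)

if __name__ == "__main__":
    for p in ("alice@AD.EXAMPLE.COM", "alice@MIT.EXAMPLE.COM",
              "HTTP/dladtest1.vapps.zzz.com@MIT.EXAMPLE.COM"):
        print(p, "->", short_name(p, RULES, AD_REALM))
```

Because both realms are stripped, the same user name in either realm resolves to one short name, and HTTP/dladtest1.vapps.zzz.com resolves to HTTP, the name the hadoop.proxyuser.HTTP.* entries refer to. A principal from a realm with no rule, outside the default realm, is rejected rather than mapped.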