
@abajwa-hw
Last active October 5, 2019 17:43
Setup KDC on Ambari node
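# curl -sSL https://gist.github.com/abajwa-hw/f8b83e1c12abb1564531e00836b098fa/raw | sudo -E sh
#
# Sets up an MIT Kerberos KDC and kadmin server on the Ambari node (yum-based
# host): installs the krb5 packages, writes krb5.conf, creates the realm
# database, adds the admin/admin principal and grants */admin full kadmin
# rights.
#
# Environment (all optional):
#   realm        Kerberos realm              (default HORTONWORKS.COM)
#   domain       DNS domain mapped to realm  (default hortonworks.com)
#   kdcpassword  KDC database master password, also used for admin/admin
#                (default BadPass#1 -- published in this script, demo use only)
#
# NOTE(review): the one-liner above runs whatever the URL serves at that
# moment as root. Fetching to a file, reading it, then running it avoids
# executing unreviewed content.
#
# Written for POSIX sh because the documented invocation pipes into `sh`.

# Fail on the first error and on any unset variable, before anything runs.
set -eu

# Assign separately from export so a failing `hostname -f` aborts the script
# instead of being masked by export's own exit status.
host=$(hostname -f)
export host
export realm="${realm:-HORTONWORKS.COM}"
export domain="${domain:-hortonworks.com}"

# Keep the historical default for compatibility, but make it visible that the
# KDC is being created with a password anyone can read in this script.
if [ -z "${kdcpassword:-}" ]; then
  echo "WARNING: kdcpassword not set; using the published default password." >&2
  echo "WARNING: set kdcpassword in the environment for anything but a demo." >&2
  kdcpassword='BadPass#1'
fi
export kdcpassword

sudo yum -y install krb5-server krb5-libs krb5-auth-dialog krb5-workstation

# Unquoted heredoc delimiter: $realm, $host and $domain are expanded here.
sudo tee /var/lib/ambari-server/resources/scripts/krb5.conf > /dev/null << EOF
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log
[libdefaults]
default_realm = $realm
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
[realms]
$realm = {
kdc = $host
admin_server = $host
}
[domain_realm]
.$domain = $realm
$domain = $realm
EOF
sudo /bin/cp -f /var/lib/ambari-server/resources/scripts/krb5.conf /etc/krb5.conf

# Both tools ask for the password twice (enter + confirm). Feed it through a
# pipe rather than a file: the original wrote it to ./passwd with the default
# umask and left it on disk whenever a later step failed under `set -e`.
# printf is a shell builtin in bash/dash, so the secret does not appear in a
# process argument list, and '%s' keeps backslashes, spaces and globs intact.
printf '%s\n%s\n' "$kdcpassword" "$kdcpassword" | sudo kdb5_util create -s

sudo service krb5kdc start
sudo service kadmin start
sudo chkconfig krb5kdc on
sudo chkconfig kadmin on

# NOTE(review): admin/admin gets the same secret as the database master
# password; separate values would limit what a single leak exposes.
printf '%s\n%s\n' "$kdcpassword" "$kdcpassword" | sudo kadmin.local -q "addprinc admin/admin"

# Any principal named */admin in this realm gets every kadmin privilege.
# sudo added for consistency with the other writes to root-owned paths.
sudo tee /var/kerberos/krb5kdc/kadm5.acl > /dev/null << EOF
*/admin@$realm *
EOF

# Restart so kadmind picks up the new ACL file.
sudo service krb5kdc restart
sudo service kadmin restart
echo "Waiting to KDC to restart..."
sleep 10
sudo service krb5kdc status
sudo service kadmin status
echo "To testing KDC run below:"
# Print a copy-pasteable command: the -q argument keeps its quotes, and the
# password is left out so it is not written to the terminal or captured logs
# (kadmin prompts for it; -w would also expose it in the process list).
echo "kadmin -p admin/admin -r $realm -q \"get_principal admin/admin\""
echo "KDC setup complete"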