kadmin.local:  listprincs
HTTP/manager.bigdata@BIGDATA
HTTP/master.bigdata@BIGDATA
HTTP/worker.bigdata@BIGDATA
K/M@BIGDATA
activity_analyzer/manager.bigdata@BIGDATA
activity_explorer/manager.bigdata@BIGDATA
admin/admin@BIGDATA
ambari-qa-gaia@BIGDATA
ambari-server-gaia@BIGDATA
……

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8
• 9
• 10
• 11

kadmin.local:  ank test@BIGDATA
WARNING: no policy specified for test@BIGDATA; defaulting to no policy
Enter password for principal "test@BIGDATA": 
Re-enter password for principal "test@BIGDATA": 
Principal "test@BIGDATA" created.

# 创建的时候指定密码
kadmin.local -q "addprinc -pw bigdata123 test"

• 1
• 2
• 3
• 4
• 5
• 6
• 7
• 8

kadmin.local # 登录
kadmin.local:  ktadd -k /etc/security/keytabs/student.keytab -norandkey test@BIGDATA

• 1
• 2
• 3

kadmin.local:  cpw test@BIGDATA
Enter password for principal "test@BIGDATA": 
Re-enter password for principal "test@BIGDATA": 
Password for "test@BIGDATA" changed.

• 1
• 2
• 3
• 4

kadmin.local:  delprinc test@BIGDATA
Are you sure you want to delete the principal "test@BIGDATA"? (yes/no): yes
Principal "test@BIGDATA" deleted.
Make sure that you have removed this principal from all ACLs before reusing.

• 1
• 2
• 3
• 4

[root@manager ~]# kinit admin/admin@BIGDATA
Password for admin/admin@BIGDATA:

• 1
• 2

[root@manager ~]# klist
Ticket cache: FILE:/tmp/krb5cc_0
Default principal: admin/admin@BIGDATA

Valid starting       Expires              Service principal
10/30/2019 00:21:12  10/31/2019 00:21:12  krbtgt/BIGDATA@BIGDATA
	renew until 11/06/2019 00:21:12

• 1
• 2
• 3
• 4
• 5
• 6
• 7

[root@manager ~]# kdestroy
[root@manager ~]# klist
klist: No credentials cache found (filename: /tmp/krb5cc_0)

• 1
• 2
• 3

• 根据keytab文件查询用户

klist -kt /etc/security/keytabs/hdfs.headless.keytab

• 1

• 切换票据

kinit -kt /etc/security/keytabs/hdfs.headless.keytab hdfs-hdv4@BIGDATA