有些时候需要在本地连接有Kerberos认证的集群。
1、安装homebrew
粘贴以下代码到Terminal中执行
ruby <(curl -fsSkL [raw.github.com/mxcl/homebrew/go](http://raw.github.com/mxcl/homebrew/go))
2、安装kerberos客户端
Terminal中执行
brew install krb5
3、编辑/Users/username/Library/Preferences/edu.mit.Kerberos路径下的该文件,具体内容如下:
[logging]
default = [FILE:/var/log/krb5libs.log](http://file/var/log/krb5libs.log)
kdc = [FILE:/var/log/krb5kdc.log](http://file/var/log/krb5kdc.log)
admin_server = [FILE:/var/log/kadmind.log](http://file/var/log/kadmind.log)
[libdefaults]
default_realm = EXAMPLE_REALM.COM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
default_ccache_name = FILE:/tmp/krb5cc_%{uid}
[realms]
EXAMPLE_REALM.COM = {
kdc = xxx.com # host where kdc installed
admin_server = # host where server installed
}
[domain_realm]
.example_realm= EXAMPLE_REALM.COM
example_realm = EXAMPLE_REALM.COM
4、将/etc/krb5.conf文件软链至步骤3的文件
因为Mac下客户端默认的配置文件位置不是/etc/下,所以直接拷贝配置文件到下列位置应该也可行
sudo ln -s /Users/username/Library/Preferences/edu.mit.Kerberos /etc/krb5.conf
结果:
krb5.conf -> /Users/username/Library/Preferences/edu.mit.Kerberos
5、Terminal执行kinit username,回车后输入密码,没有报错即成功认证。
可用klist查看当前验证用户的状态。
参考资料:
网友评论