kafka集群认证

1、安装Kerberos（10.10.10.168）

yum install krb5-server krb5-workstation krb5-libs -y
​
查看版本
klist -V
​
Kerberos 5 version 1.20.1
​

编辑/etc/hosts

10.10.10.168 ms1
10.10.10.150 ms2
10.10.10.110 ms3

vim /etc/krb5.conf

# Configuration snippets may be placed in this directory as well
includedir /etc/krb5.conf.d/
​
[logging]default = FILE:/var/log/krb5libs.logkdc = FILE:/var/log/krb5kdc.logadmin_server = FILE:/var/log/kadmind.log
​
[libdefaults]dns_lookup_realm = falseticket_lifetime = 24hrenew_lifetime = 7dforwardable = truerdns = falsepkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crtdefault_realm = LIEBE.COMdefault_ccache_name = KEYRING:persistent:%{uid}
​
[realms]LIEBE.COM = {kdc = 10.10.10.150admin_server = 10.10.10.150}
​
[domain_realm]
# .example.com = EXAMPLE.COM
# example.com = EXAMPLE.COM

vim /var/kerberos/krb5kdc/kdc.conf

[kdcdefaults]kdc_ports = 88kdc_tcp_ports = 88
​
[realms]EXAMPLE.COM = {#master_key_type = aes256-ctsacl_file = /var/kerberos/krb5kdc/kadm5.acldict_file = /usr/share/dict/wordsadmin_keytab = /var/kerberos/krb5kdc/kadm5.keytabsupported_enctypes = aes256-cts:normal aes128-cts:normal arcfour-hmac:normal camellia256-cts:normal camellia128-cts:normal}

• 配置 kadm5.acl

• 修改权限相关配置文件

  vim /var/kerberos/krb5kdc/kadm5.acl 其中前一个号是通配符，表示像名为“abc/admin”或“xxx/admin”的人都可以使用此工具（远程或本地）管理kerberos数据库，后一个跟权限有关，表示所有权限。EXAMPLE.C