Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com> Co-authored-by: yangtong <yangtong2@huawei.com> Co-committed-by: yangtong <yangtong2@huawei.com>
<a name="admin_guide_000145"></a><a name="admin_guide_000145"></a>
<h1 class="topictitle1">Exporting an Authentication Credential File</h1>
<div id="body1529658735915"><div class="section" id="admin_guide_000145__section44671593"><h4 class="sectiontitle">Scenario</h4><p id="admin_guide_000145__p56825610">To develop applications against a security-mode cluster, a user needs their keytab file for security authentication. You can export keytab files on <span id="admin_guide_000145__text15946118176">MRS</span> Manager.</p>
<div class="note" id="admin_guide_000145__note41668450"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p class="text" id="admin_guide_000145__p39471735">After a user password is changed, the exported keytab file becomes invalid, and you need to export a keytab file again.</p>
</div></div>
</div>
<div class="section" id="admin_guide_000145__section66500021"><h4 class="sectiontitle">Prerequisites</h4><p id="admin_guide_000145__p128492411480">Before downloading the keytab file of a Human-Machine user, the password of the user must be changed at least once on the Manager portal or a client; otherwise, the downloaded keytab file cannot be used. For details, see <a href="admin_guide_000143.html">Changing a User Password</a>.</p>
</div>
<div class="section" id="admin_guide_000145__section1415430347"><h4 class="sectiontitle">Procedure</h4><ol id="admin_guide_000145__ol55848701"><li id="admin_guide_000145__li57946857"><span>Log in to <span id="admin_guide_000145__text82429401506">MRS</span> Manager.</span></li><li id="admin_guide_000145__en-us_topic_0046736685_li35483542"><span>Choose <strong id="admin_guide_000145__b1592416094613">System</strong> > <strong id="admin_guide_000145__b199314064617">Permission</strong> > <strong id="admin_guide_000145__b18931506469">User</strong>.</span></li><li id="admin_guide_000145__li1165020412341"><span>Locate the row that contains the target user, and choose <span class="menucascade" id="admin_guide_000145__menucascade17164142082110"><b><span class="uicontrol" id="admin_guide_000145__uicontrol792916912348">More</span></b> > <b><span class="uicontrol" id="admin_guide_000145__uicontrol159291993340">Download Authentication Credential</span></b></span>.</span></li><li id="admin_guide_000145__li099584317357"><span>Select a location for downloading the authentication credential and set related parameters. This operation is supported only in MRS 3.5.0 and later versions.</span><p><p id="admin_guide_000145__p19394581016">If the credential is downloaded to the server or a remote node, delete it after using it to prevent leakage.</p>
<ul id="admin_guide_000145__ul209953435351"><li id="admin_guide_000145__li998913436350"><strong id="admin_guide_000145__b534274513310">Browser</strong>: Download the file to the local computer.</li><li id="admin_guide_000145__li20989104312359"><strong id="admin_guide_000145__b7203652143111">Server</strong>: Download the file to the active OMS node of the cluster.<p id="admin_guide_000145__p15988343153510">The generated file is stored in the <strong id="admin_guide_000145__b1870212543315">/tmp/FusionInsight-Keytab/</strong> directory on the active OMS node by default. If the path does not exist, it will be created. If the path already has an authentication credential file, the existing authentication credential file will be overwritten. For user <strong id="admin_guide_000145__b4357195393219">omm</strong>, write permission for the path is required.</p>
<p id="admin_guide_000145__p9989143153514">After the file is generated, copy the downloaded package to another directory as the <strong id="admin_guide_000145__b1198911435357">omm</strong> user.</p>
</li><li id="admin_guide_000145__li39951243153520"><strong id="admin_guide_000145__b184000516331">Remote node:</strong> Download the file to a node other than the active OMS node. If you select this option, you need to set the following parameters:
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="admin_guide_000145__table59956431355" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters</caption><thead align="left"><tr id="admin_guide_000145__row3989164320359"><th align="left" class="cellrowborder" valign="top" width="23.762376237623766%" id="mcps1.3.3.2.4.2.2.3.2.2.4.1.1"><p id="admin_guide_000145__p1898934363510">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="42.9042904290429%" id="mcps1.3.3.2.4.2.2.3.2.2.4.1.2"><p id="admin_guide_000145__p698918434353">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="33.33333333333333%" id="mcps1.3.3.2.4.2.2.3.2.2.4.1.3"><p id="admin_guide_000145__p109898432351"><strong id="admin_guide_000145__b437061743311">Example Value</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="admin_guide_000145__row89891243113515"><td class="cellrowborder" valign="top" width="23.762376237623766%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.1 "><p id="admin_guide_000145__p2098944343512">Save to Path</p>
</td>
<td class="cellrowborder" valign="top" width="42.9042904290429%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.2 "><p id="admin_guide_000145__p49896431356">Path for storing the authentication credential file.</p>
<p id="admin_guide_000145__p89896439357">If there is already a credential file in the path, it will be overwritten. For a remote node, write permission for the path is required.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.3 "><p id="admin_guide_000145__p1989154353510">/tmp/FusionInsight-Keytab-Remote/</p>
</td>
</tr>
<tr id="admin_guide_000145__row99903436354"><td class="cellrowborder" valign="top" width="23.762376237623766%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.1 "><p id="admin_guide_000145__p1498914383518">Host IP Address</p>
</td>
<td class="cellrowborder" valign="top" width="42.9042904290429%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.2 "><p id="admin_guide_000145__p1998954312357">IP address of the remote node.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.3 "><p id="admin_guide_000145__p1499054320355">x.x.x.x</p>
</td>
</tr>
<tr id="admin_guide_000145__row2099010433355"><td class="cellrowborder" valign="top" width="23.762376237623766%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.1 "><p id="admin_guide_000145__p19906435359">Host Port</p>
</td>
<td class="cellrowborder" valign="top" width="42.9042904290429%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.2 "><p id="admin_guide_000145__p18990843133516">Host port of the remote node.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.3 "><p id="admin_guide_000145__p9990124343511">22</p>
</td>
</tr>
<tr id="admin_guide_000145__row299117437355"><td class="cellrowborder" valign="top" width="23.762376237623766%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.1 "><p id="admin_guide_000145__p1899014323518">Username</p>
</td>
<td class="cellrowborder" valign="top" width="42.9042904290429%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.2 "><p id="admin_guide_000145__p999044318353">Username for logging in to the remote node.</p>
<p id="admin_guide_000145__p199901743163518">For a remote node, write permission for the path is required.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.3 "><p id="admin_guide_000145__p13990174333515">xxx</p>
</td>
</tr>
<tr id="admin_guide_000145__row1599184343515"><td class="cellrowborder" valign="top" width="23.762376237623766%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.1 "><p id="admin_guide_000145__p13991144323517">Authentication Method</p>
</td>
<td class="cellrowborder" valign="top" width="42.9042904290429%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.2 "><p id="admin_guide_000145__p1699194313519">You can choose one of the following methods:</p>
<ul id="admin_guide_000145__ul99911743123519"><li id="admin_guide_000145__li39911043193518"><strong id="admin_guide_000145__b10669204349">Password</strong>: Use the password for login.</li><li id="admin_guide_000145__li89911543183510"><strong id="admin_guide_000145__b070272273411">None</strong>: To use this method, passwordless login needs to be enabled.</li></ul>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.3 "><p id="admin_guide_000145__p1499164363514">Password</p>
</td>
</tr>
<tr id="admin_guide_000145__row1199315437358"><td class="cellrowborder" valign="top" width="23.762376237623766%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.1 "><p id="admin_guide_000145__p6991743193515">Password</p>
</td>
<td class="cellrowborder" valign="top" width="42.9042904290429%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.2 "><p id="admin_guide_000145__p5992184314350">This parameter is mandatory when <strong id="admin_guide_000145__b1671693203414">Authentication Method</strong> is set to <strong id="admin_guide_000145__b77163320349">Password</strong>.</p>
<p id="admin_guide_000145__p11992443163511">This parameter indicates the password used for login.</p>
</td>
<td class="cellrowborder" valign="top" width="33.33333333333333%" headers="mcps1.3.3.2.4.2.2.3.2.2.4.1.3 "><p id="admin_guide_000145__p399344313520">xxx</p>
</td>
</tr>
</tbody>
</table>
</div>
</li></ul>
</p></li><li id="admin_guide_000145__li20475325132116"><span>Click <strong id="admin_guide_000145__b14957720183510">OK</strong>. After the file is automatically generated, specify the save path and keep the file properly.</span><p><p id="admin_guide_000145__p4475122512214">The authentication credential includes the <strong id="admin_guide_000145__b44751725192119">krb5.conf</strong> file of the Kerberos service.</p>
<p id="admin_guide_000145__p747592522111">After the authentication credential file is decompressed, you can obtain the following two files:</p>
<ul id="admin_guide_000145__ul114754255214"><li id="admin_guide_000145__li74751325152112">The <span class="filepath" id="admin_guide_000145__filepath124751025192113"><b>krb5.conf</b></span> file contains the authentication service connection information.</li><li id="admin_guide_000145__li347512256212">The <span class="filepath" id="admin_guide_000145__filepath15475102542110"><b>user.keytab</b></span> file contains user authentication information.</li></ul>
</p></li></ol>
</div>
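<p>The procedure above says to copy a credential downloaded to the server out of the default directory and to delete it after use. The following shell function is an added example, not part of the MRS documentation: it assumes the downloaded credential is a tar archive with <b>krb5.conf</b> and <b>user.keytab</b> at its top level, and the function name and destination directory are hypothetical.</p>

```shell
#!/bin/sh
# Added example (not from the MRS documentation).
# Assumptions: the credential is a tar archive with krb5.conf and user.keytab
# at the top level; stage_credential and the paths used are hypothetical.

# stage_credential ARCHIVE DEST
# Unpacks the credential into a private directory, checks that both files the
# page names are present, then deletes the archive from the shared location.
# Returns: 0 ok, 1 unreadable or not an archive, 2 unsafe member path,
#          3 expected file missing (the archive is kept in that case).
stage_credential() {
    archive=$1
    dest=$2
    [ -f "$archive" ] || { echo "no such archive: $archive" >&2; return 1; }

    # Refuse absolute paths and ".." components before anything is written.
    if tar -tf "$archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe path in archive" >&2
        return 2
    fi

    # Extract with a restrictive umask into a directory only the owner can read.
    old_umask=$(umask)
    umask 077
    mkdir -p "$dest" && chmod 700 "$dest" || { umask "$old_umask"; return 1; }
    tar -xf "$archive" -C "$dest"
    rc=$?
    umask "$old_umask"
    [ "$rc" -eq 0 ] || return 1

    # A credential without both files cannot be used for authentication.
    for f in krb5.conf user.keytab; do
        [ -s "$dest/$f" ] || { echo "missing $f in $archive" >&2; return 3; }
    done

    # tar run as root restores archived modes, so set the keytab mode explicitly.
    chmod 600 "$dest/user.keytab"

    # Remove the copy left in the download directory to prevent leakage.
    rm -f -- "$archive"
}

# Usage on the active OMS node as user omm (archive name is a placeholder):
#   stage_credential /tmp/FusionInsight-Keytab/<archive> "$HOME/keytabs/appuser"
```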
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="admin_guide_000136.html">Managing Users</a></div>
</div>
</div>