在安全模式下配置Hadoop身份验证需要完成以下步骤:
1. 生成Kerberos认证相关的密钥和凭据:
```
kdb5_util create -s
ktadd -k /etc/security/keytabs/nn.service.keytab nn/hostname@REALM
ktadd -k /etc/security/keytabs/dn.service.keytab dn/hostname@REALM
ktadd -k /etc/security/keytabs/jhs.service.keytab jhs/hostname@REALM
ktadd -k /etc/security/keytabs/rm.service.keytab rm/hostname@REALM
ktadd -k /etc/security/keytabs/nm.service.keytab nm/hostname@REALM
ktadd -k /etc/security/keytabs/spnego.service.keytab HTTP/hostname@REALM
```
2. 配置Kerberos客户端:
```
vi /etc/krb5.conf
[libdefaults]
default_realm = REALM
dns_lookup_realm = false
dns_lookup_kdc = false
ticket_lifetime = 86400
renew_lifetime = 604800
forwardable = true
default_tgs_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
default_tkt_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
permitted_enctypes = aes256-cts-hmac-sha1-96 rc4-hmac des-cbc-crc des-cbc-md5
udp_preference_limit = 1
[realms]
REALM = {
kdc = kdc-hostname:88
admin_server = kdc-hostname:749
}
[domain_realm]
.hostname = REALM
hostname = REALM
```
3. 配置Hadoop客户端:
```
vi $HADOOP_HOME/etc/hadoop/core-site.xml
vi $HADOOP_HOME/etc/hadoop/hdfs-site.xml
vi $HADOOP_HOME/etc/hadoop/yarn-site.xml
vi $HADOOP_HOME/etc/hadoop/mapred-site.xml
```
4. 启动Kerberos并检查是否成功:
```
kadmin.local
start
