kinit命令脚本

① linux开机时提示输入命令但进不去啊

你还没有进入终端
怎么输入startx
login
是你要输入用户名
passwords输入你的密码
当输入密码时都是已暗文表示的所以你看不到输入只要输入正确就进入终端
然后输入startx

② 如何通过Kerberos建立两台服务器之间的信任（已解决）

KINIT="/usr/kerberos/bin/kinit"${KINIT} -kt /home/chaoyu.zhu/krb5.keytab——————————————————————————————scp [command]这样是可行的，但前提是获得krb5.keytab先——————————————————————————————keywords: ssh crontab kerberos场景：我们经常要在服务器上定时的执行一些脚本，而这些脚本又需要访问另外一些服务器 问题： 我们的服务器采用的是kerberos认证，那么定时执行的脚本如何获取授权并成功访问另外一台服务器 解决办法：利用keytab来授权 让我们来假定一个场景：我们有A和B两台服务器，我们的需求是在A服务器上每天定时去在B服务器上执行echo "hello"命令 第一步：准备A上的脚本，在脚本开头加上如下的代码export PATH="/usr/kerberos/bin:$PATH" #kerberos 安装目录 export KRB5CCNAME=/tmp/krb5cc_pub_$$ #产生的pubkey存放的目录 trap kdestroy 0 1 2 3 5 15 #命令结束后删除pubkey kinit -k -t /etc/krb5.keytab 第二步：B服务器授权A服务器的访问权限 在B服务器上的.k5login文件中添加 host/[email protected] 其中testhost为A的服务器名，在.k5login的配置文件中服务器名必须小写！！！ 补充： 由于有些机器是web账号，可能连读取/etc/krb5.keytab权限都没有，导致使用keytab认证失败，这时可以变化 一下，来进行keytab认证，步骤如下： （1）找一台keytab认证没有问题的机器，将其/etc/krb5.keytab拷到你的目标机器上(如/data/web目录下面) 用klist -k /data/web/krb5.keytab看一下文件内容.比如 Keytab name: FILE:/data/web/krb5.keytab KVNO Principal 3 host/[email protected] 3 host/[email protected] 3 host/[email protected] 3 host/[email protected] 由于37-52的keytab认证是ok的，所以接下来将采用37-52的principal进行keytab认证 （2）采用拷贝过来keytab进行认证

③ 需要安装什么使用hbase shell客户端工具

进入hbase shell console
$HBASE_HOME/bin/hbase shell
如果有kerberos认证，需要事先使用相应的keytab进行一下认证（使用kinit命令），认证成功之后再使用hbase shell进入可以使用whoami命令可查看当前用户

hbase(main)> whoami

表的管理
1）查看有哪些表

hbase(main)> list

2）创建表

# 语法：create <table>, {NAME => <family>, VERSIONS => <VERSIONS>}
# 例如：创建表t1，有两个family name：f1，f2，且版本数均为2
hbase(main)> create 't1',{NAME => 'f1', VERSIONS => 2},{NAME => 'f2', VERSIONS => 2}

3）删除表
分两步：首先disable，然后drop
例如：删除表t1

hbase(main)> disable 't1'
hbase(main)> drop 't1'

4）查看表的结构

# 语法：describe <table>
# 例如：查看表t1的结构
hbase(main)> describe 't1'

5）修改表结构
修改表结构必须先disable

# 语法：alter 't1', {NAME => 'f1'}, {NAME => 'f2', METHOD => 'delete'}
# 例如：修改表test1的cf的TTL为180天
hbase(main)> disable 'test1'
hbase(main)> alter 'test1',{NAME=>'body',TTL=>'15552000'},{NAME=>'meta', TTL=>'15552000'}
hbase(main)> enable 'test1'

权限管理
1）分配权限

# 语法 : grant <user> <permissions> <table> <column family> <column qualifier> 参数后面用逗号分隔
# 权限用五个字母表示： "RWXCA".
# READ('R'), WRITE('W'), EXEC('X'), CREATE('C'), ADMIN('A')
# 例如，给用户‘test'分配对表t1有读写的权限，
hbase(main)> grant 'test','RW','t1'

2）查看权限

# 语法：user_permission <table>
# 例如，查看表t1的权限列表
hbase(main)> user_permission 't1'

3）收回权限

# 与分配权限类似，语法：revoke <user> <table> <column family> <column qualifier>
# 例如，收回test用户在表t1上的权限
hbase(main)> revoke 'test','t1'

表数据的增删改查
1）添加数据

# 语法：put <table>,<rowkey>,<family:column>,<value>,<timestamp>
# 例如：给表t1的添加一行记录：rowkey是rowkey001，family name：f1，column name：col1，value：value01，timestamp：系统默认
hbase(main)> put 't1','rowkey001','f1:col1','value01'
用法比较单一。

2）查询数据
a）查询某行记录

# 语法：get <table>,<rowkey>,[<family:column>,....]
# 例如：查询表t1，rowkey001中的f1下的col1的值
hbase(main)> get 't1','rowkey001', 'f1:col1'
# 或者：
hbase(main)> get 't1','rowkey001', {COLUMN=>'f1:col1'}
# 查询表t1，rowke002中的f1下的所有列值
hbase(main)> get 't1','rowkey001'

b）扫描表

# 语法：scan <table>, {COLUMNS => [ <family:column>,.... ], LIMIT => num}
# 另外，还可以添加STARTROW、TIMERANGE和FITLER等高级功能
# 例如：扫描表t1的前5条数据
hbase(main)> scan 't1',{LIMIT=>5}

c）查询表中的数据行数

# 语法：count <table>, {INTERVAL => intervalNum, CACHE => cacheNum}
# INTERVAL设置多少行显示一次及对应的rowkey，默认1000；CACHE每次去取的缓存区大小，默认是10，调整该参数可提高查询速度
# 例如，查询表t1中的行数，每100条显示一次，缓存区为500
hbase(main)> count 't1', {INTERVAL => 100, CACHE => 500}

3）删除数据
a )删除行中的某个列值

# 语法：delete <table>, <rowkey>, <family:column> , <timestamp>,必须指定列名
# 例如：删除表t1，rowkey001中的f1:col1的数据
hbase(main)> delete 't1','rowkey001','f1:col1'

注：将删除改行f1:col1列所有版本的数据
b )删除行

# 语法：deleteall <table>, <rowkey>, <family:column> , <timestamp>，可以不指定列名，删除整行数据
# 例如：删除表t1，rowk001的数据
hbase(main)> deleteall 't1','rowkey001'

c）删除表中的所有数据

# 语法： truncate <table>
# 其具体过程是：disable table -> drop table -> create table
# 例如：删除表t1的所有数据
hbase(main)> truncate 't1'

Region管理
1）移动region

# 语法：move 'encodeRegionName', 'ServerName'
# encodeRegionName指的regioName后面的编码，ServerName指的是master-status的Region Servers列表
# 示例
hbase(main)>move '', 'db-41.xxx.xxx.org,60020,1390274516739'

2）开启/关闭region

# 语法：balance_switch true|false
hbase(main)> balance_switch

3）手动split

# 语法：split 'regionName', 'splitKey'

4）手动触发major compaction

#语法：
#Compact all regions in a table:
#hbase> major_compact 't1'
#Compact an entire region:
#hbase> major_compact 'r1'
#Compact a single column family within a region:
#hbase> major_compact 'r1', 'c1'
#Compact a single column family within a table:
#hbase> major_compact 't1', 'c1'

配置管理及节点重启
1）修改hdfs配置
hdfs配置位置：/etc/hadoop/conf

# 同步hdfs配置
cat /home/hadoop/slaves|xargs -i -t scp /etc/hadoop/conf/hdfs-site.xml hadoop@{}:/etc/hadoop/conf/hdfs-site.xml
#关闭：
cat /home/hadoop/slaves|xargs -i -t ssh hadoop@{} "sudo /home/hadoop/cdh4/hadoop-2.0.0-cdh4.2.1/sbin/hadoop-daemon.sh --config /etc/hadoop/conf stop datanode"
#启动：
cat /home/hadoop/slaves|xargs -i -t ssh hadoop@{} "sudo /home/hadoop/cdh4/hadoop-2.0.0-cdh4.2.1/sbin/hadoop-daemon.sh --config /etc/hadoop/conf start datanode"

2）修改hbase配置
hbase配置位置：

# 同步hbase配置
cat /home/hadoop/hbase/conf/regionservers|xargs -i -t scp /home/hadoop/hbase/conf/hbase-site.xml hadoop@{}:/home/hadoop/hbase/conf/hbase-site.xml

# graceful重启
cd ~/hbase
bin/graceful_stop.sh --restart --reload --debug inspurXXX.xxx.xxx.org

④ 怎样利用samba让linux访问windows

Samba服务器是Linux系统上安装的文件共享服务。本身问题描述就存在误区。

如果是在Linux上访问Windows共享文件，只需要使用smbclient命令，通过smb协议访问Windows共享文件即可，如下图所示：

⑤ hbase 命令一次可以写入多个值吗

进入hbase
shell
console$HBASE_HOME/bin/hbase
shell如果有kerberos认证，需要事先使用相应的keytab进行一下认证（使用kinit命令），认证成功之后再使用hbase
shell进入可以使用whoami命令可查看当前用户

⑥ linux 怎样把密码输入kinit admin

1.配置DNS

# vi /etc/resolv.conf

nameserver 192.168.2.30

nameserver 192.168.2.32

# vi /etc/host.conf

# nslookup 192.168.2.32 DNS查找

# net time SET 192.168.2.32 时间同步，客户端以服务器时间为准

2.samba

首先确保Linux系统中安装了samba包，并用下述命令来检查samba包的基础库支持，一般的RPM安装都不会有问题。

# smbd -b | grep LDAP

HAVE_LDAP_H

HAVE_LDAP

HAVE_LDAP_DOMAIN2HOSTLIST

...

# smbd -b | grep KRB

HAVE_KRB5_H

HAVE_ADDRTYPE_IN_KRB5_ADDRESS

HAVE_KRB5

...

# smbd -b | grep ADS

WITH_ADS

WITH_ADS

# smbd -b | grep WINBIND

WITH_WINBIND

WITH_WINBIND

3.krb5配置

配置编辑/etc/krb5.conf，配置完成后，执行

# kinit [email protected]

4.Samba配置

编辑配置/etc/samba/smb.conf后，重启samba服务

# service samba restart

# net ads join -U [email protected] 加入域，这时需要输入域管理员密码

5.winbind配置

编辑/etc/nsswitch.conf，更改passwd和group为(files需视你linux系统配置NIS与否，如配置NIS，则为compat)

passwd: files winbind

group: files winbind

保存后(重)启动samba服务。(重)启动winbind。

用 wbinfo -u检索用户，wbinfo -g检索用户组来测试winbind是否正常。

1.配置DNS

# vi /etc/resolv.conf

nameserver 192.168.2.30

nameserver 192.168.2.32

# vi /etc/host.conf

# nslookup 192.168.2.32 DNS查找

# net time SET 192.168.2.32 时间同步，客户端以服务器时间为准

2.samba

首先确保Linux系统中安装了samba包，并用下述命令来检查samba包的基础库支持，一般的RPM安装都不会有问题。

# smbd -b | grep LDAP

HAVE_LDAP_H

HAVE_LDAP

HAVE_LDAP_DOMAIN2HOSTLIST

...

# smbd -b | grep KRB

HAVE_KRB5_H

HAVE_ADDRTYPE_IN_KRB5_ADDRESS

HAVE_KRB5

...

# smbd -b | grep ADS

WITH_ADS

WITH_ADS

# smbd -b | grep WINBIND

WITH_WINBIND

WITH_WINBIND

3.krb5配置

配置编辑/etc/krb5.conf，配置完成后，执行

# kinit [email protected]

4.Samba配置

编辑配置/etc/samba/smb.conf后，重启samba服务

# service samba restart

# net ads join -U [email protected] 加入域，这时需要输入域管理员密码

5.winbind配置

编辑/etc/nsswitch.conf，更改passwd和group为(files需视你linux系统配置NIS与否，如配置NIS，则为compat)

passwd: files winbind

group: files winbind

保存后(重)启动samba服务。(重)启动winbind。

用 wbinfo -u检索用户，wbinfo -g检索用户组来测试winbind是否正常

⑦ 如何设置samba加入ADS

1.samba服务器软件需求

CODE:
krb5-workstation-1.2.7-19
pam_krb5-1.70-1
krb5-devel-1.2.7-19
krb5-libs-1.2.7-19
samba-3.0.5-2

2.配置kerberos(关键)
下面配置参数让 Kerberos 进程知道处理活动目录服务器，对 /etc/krb5.conf 做适当的修改，修改时需要注意的是 Kerberos 是大小写敏感的。
这是我的krb5.conf配置文件：

CODE:
[logging]
default = FILE:/var/log/krb5libs.log
kdc = FILE:/var/log/krb5kdc.log
admin_server = FILE:/var/log/kadmind.log

[libdefaults]
ticket_lifetime = 24000
default_realm = MYDOMAIN.COM
dns_lookup_realm = false
dns_lookup_kdc = false

[realms]
MYDOMAIN.COM = {
kdc = 192.168.2.248
# admin_server = kerberos.example.com:749
default_domain = MYDOMAIN.COM
}

[domain_realm]
.mydomain.com = MYDOMAIN.COM
mydomain.com = MYDOMAIN.COM

[kdc]
profile = /var/kerberos/krb5kdc/kdc.conf

[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}

3.连接2003服务器

kinit [email protected]

Kerberos 的 kinit 命令将测试服务器间的通信，后面的域名MYDOMAIN.COM 是你的活动目录的域名，必须大写，否则会收到错误信息：

CODE:
kinit(v5): Cannot find KDC for requested realm while getting initial credentials.

如果通信正常，你会提示输入口令，口令正确的话，就返回 bash 提示符，如果错误则报告：

CODE:
kinit(v5): Preauthentication failed while getting initial credentials.

4.配置samba
修改/etc/samba/smb.conf如下几行

CODE:
workgroup = MYDOMAIN
netbios name = filesrv
server string = Filesrv

realm = MYDOMAIN.COM // 活动目录服务器域名
security = ADS // 采用活动目录认证方式
encrypt passwords = yes // 采用加密的口令

重新启动samba服务

CODE:
service smb restart

配置完 Samba 和 Kerberos 后，需要在 Windows 2000 活动目录下建立一个计算机帐号，如果需要在 Linux 上来完成的话，运行：

CODE:
/usr/kerberos/bin/kinit [email protected]

输入口令后，建立帐号：

将服务器加入活动目录：

CODE:
/usr/local/samba/bin/net ads join

去 Windows 2003 服务器检查上面的工作：打开活动目录用户和计算机，查看其中的条目，如果成功的话，就可以看到你的 Linux 服务器。

然后在 Linux 机器上，你就可以采用 smbclient 命令连接到 Windows 的共享文件夹，而不需要输入口令（因为采用了Kerberos ）。

CODE:
/usr/local/samba/bin/smbclient //w2k/c$ -k

这个命令可能会产生一些错误信息，但是不要紧它能工作的。

⑧ Java有没有这样的命令行参数工具

Java 命令行工具总结

C/Documents and Settings/Zianed>ls ‘%JAVA_HOME%’/bin

HtmlConverter.exe javap.exe jstatd.exe rmid.exe

appletviewer.exe javaw.exe jvisualvm.exe rmiregistry.exe

apt.exe javaws.exe keytool.exe schemagen.exe

beanreg.dll jconsole.exe kinit.exe serialver.exe

extcheck.exe jdb.exe klist.exe servertool.exe

idlj.exe jhat.exe ktab.exe tnameserv.exe

jar.exe jinfo.exe msvcr71.dll unpack200.exe

jarsigner.exe jli.dll native2ascii.exe wsgen.exe

java-rmi.exe jmap.exe orbd.exe wsimport.exe

java.exe jps.exe pack200.exe xjc.exe

javac.exe jrunscript.exe packager.exe

javadoc.exe jstack.exe policytool.exe

javah.exe jstat.exe rmic.exe

需要获得其中的帮助使用XX -help即可

Basic Tools

These tools are the foundation of the JDK. They are the tools you use to create and build applications.

Tool Name Brief Description Links to Reference Pages

javac The compiler for the Java programming language. [Solaris and Linux ] [Windows ]

java The launcher for Java applications. In this release, a single launcher is used both for development and deployment.

The old deployment launcher, jre , is no longer provided. [Solaris and Linux ] [Windows ]

javadoc API documentation generator.

See Javadoc Tool page for doclet and taglet APIs. [Solaris and Linux ] [Windows ]

apt Annotation processing tool.

See Annotation Processing Tool for program annotation processing. [Solaris, Linux, and Windows ]

appletviewer Run and debug applets without a web browser. [Solaris and Linux ] [Windows ]

jar Create and manage Java Archive (JAR) files.

See Java Archive Files page for the JAR specification. [Solaris and Linux ] [Windows ]

jdb The Java Debugger.

See JPDA for the debugger architecture specifications. [Solaris and Linux ] [Windows ]

javah C header and stub generator. Used to write native methods. [Solaris and Linux ] [Windows ]

javap Class file disassembler [Solaris and Linux ] [Windows ]

extcheck Utility to detect Jar conflicts. [Solaris and Linux ] [Windows ]

--------------------------------------------------------------------------------

Security Tools

These security tools help you set security policies on your system and create apps that can work within the scope of security policies set at remote sites.

Tool Name Brief Description Links to Reference Pages

keytool Manage keystores and certificates. [Solaris and Linux ] [Windows ]

jarsigner Generate and verify JAR signatures. [Solaris and Linux ] [Windows ]

policytool GUI tool for managing policy files. [Solaris and Linux ] [Windows ]

These security tools help you obtain, list, and manage Kerberos tickets.

Tool Name Brief Description Links to Reference Pages

kinit Tool for obtaining Kerberos v5 tickets. Equivalent functionality is available on the Solaris operating environment via the kinit tool. For example, for Solaris 8, see the kinit reference page . [Linux ] [Windows ]

klist Command-line tool to list entries in credential cache and key tab. Equivalent functionality is available on the Solaris operating environment via the klist tool. For example, for Solaris 8, see the klist reference page . [Linux ] [Windows ]

ktab Command-line tool to help the user manage entires in the key table. Equivalent functionality is available on the Solaris operating environment via the kadmin tool. For example, for Solaris 8, see the kadmin reference page . [Linux ] [Windows ]

--------------------------------------------------------------------------------

Internationalization Tools

This tool helps to create localizable apps.

Tool Name Brief Description Links to Reference Pages

native2ascii Convert text to Unicode Latin-1. [Solaris and Linux ] [Windows ]

--------------------------------------------------------------------------------

Remote Method Invocation (RMI) Tools

These tools help to create apps that interact over the Web or other network.

Tool Name Brief Description Links to Reference Pages

rmic Generate stubs and skeletons for remote objects. [Solaris and Linux ] [Windows ]

rmiregistry Remote object registry service. [Solaris and Linux ] [Windows ]

rmid RMI activation system daemon. [Solaris and Linux ] [Windows ]

serialver Return class serialVersionUID. [Solaris and Linux ] [Windows ]

--------------------------------------------------------------------------------

Java IDL and RMI-IIOP Tools

These tools are used when creating applications that use OMG-standard IDL and CORBA/IIOP.

Tool Name Brief Description

tnameserv Provides access to the naming service.

idlj Generates .java files that map an OMG IDL interface and enable an application written in the Java programming language to use CORBA functionality.

orbd Provides support for clients to transparently locate and invoke persistent objects on servers in the CORBA environment. ORBD is used instead of the Transient Naming Service, tnameserv. ORBD includes both a Transient Naming Service and a Persistent Naming Service. The orbd tool incorporates the functionality of a Server Manager, an Interoperable Naming Service, and a Bootstrap Name Server. When used in conjunction with the servertool, the Server Manager locates, registers, and activates a server when a client wants to access the server.

servertool Provides ease-of-use interface for the application programmers to register, unregister, startup, and shutdown a server.

--------------------------------------------------------------------------------

Java Deployment Tools

Utilities for use in conjunction with deployment of java applications and applets on the web.

Tool Name Brief Description

pack200 Transforms a JAR file into a compressed pack200 file using the Java gzip compressor. The compressed packed files are highly compressed JARs, which can be directly deployed, saving bandwidth and recing download time.

unpack200 Transforms a packed file proced by pack200 into a JAR file.

--------------------------------------------------------------------------------

Java Plug-in Tools

Utilities for use in conjunction with the Java Plug-in.

Tool Name Brief Description with Links to Reference Pages

htmlconverter Converts an HTML page (file) containing applets to the OBJECT / EMBED tag format for Java Plug-in.

--------------------------------------------------------------------------------