拷贝KDC A的数据追加到KDC B，使得在B集群节点可以通过认证访问A集群内的服务。

1 KDC A

将KDC A的DATABASE数据导出，然后发送到KDC B点

[root@node1a198 krb5kdc]# kdb5_util dump /var/kerberos/krb5kdc/kdc2.dump
[root@node1a198 krb5kdc]# scp kdc2.dump node1a142:/var/kerberos/krb5kdc/

2 KDC B

将KDC A点导出的DATABASE数据导入KDC B点数据库

[root@node1a142 krb5kdc]# kdb5_util load -update kdc2.dump

[root@node1a142 krb5kdc]# kadmin.local -q listprincs|grep node1a141
HTTP/node1a141@HADOOP.COM
hdfs/node1a141@HADOOP.COM
hive/node1a141@HADOOP.COM
mapred/node1a141@HADOOP.COM
sentry/node1a141@HADOOP.COM
spark/node1a141@HADOOP.COM
yarn/node1a141@HADOOP.COM
zookeeper/node1a141@HADOOP.COM

[root@node1a142 krb5kdc]# kinit admin
Password for admin@HADOOP.COM:

3 验证

在B集群节点上访问A集群的hdfs服务正常

[root@node1a142 krb5kdc]# hdfs dfs -ls hdfs://node1a203:8020/
Found 9 items
drwxr-xr-x   - root  supergroup          0 2017-05-27 18:55 hdfs://node1a203:8020/cdtest
drwx------   - hbase hbase               0 2017-05-22 18:51 hdfs://node1a203:8020/hbase
drwx------   - hbase hbase               0 2017-07-07 12:43 hdfs://node1a203:8020/hbase1
drwxr-xr-x   - hbase hbase               0 2017-05-11 10:46 hdfs://node1a203:8020/hbase2
drwxr-xr-x   - root  supergroup          0 2016-12-01 17:30 hdfs://node1a203:8020/home
drwxr-xr-x   - mdss  supergroup          0 2016-12-13 18:30 hdfs://node1a203:8020/idfs
drwxr-xr-x   - hdfs  supergroup          0 2017-05-22 18:51 hdfs://node1a203:8020/system
drwxrwxrwt   - hdfs  supergroup          0 2017-07-07 12:27 hdfs://node1a203:8020/tmp
drwxrwxr-x+  - hdfs  supergroup          0 2017-05-04 15:48 hdfs://node1a203:8020/user