17.10 - Creating the Kerberos Keys - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

Use the ktadd command in kadmin.local to create the keytab file to contain the Teradata Vantage node and Unity server keys. For example, for a Vantage node:

kadmin.local: ktadd –k /etc/principal_name.keytab TERADATA/
 principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT

Entry for principal TERADATA/
 principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT with kvno 
2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/principal_name.keytab.
Entry for principal TERADATA/
 principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT with kvno 
2, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/principal_name.keytab.
Entry for principal TERADATA/
 principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT with kvno 
2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/principal_name.keytab.
Entry for principal TERADATA/
 principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT with kvno 
2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/principal_name.keytab.
principal_name.esrootdom.esdev.tdat
The FQDN of a Teradata Vantage node or Unity server.
principal_name must use the naming conventions in step 4 of Creating a Computer Component for Database Nodes and Unity Server.

UNIX.ESROOTDOM.ESDEV.TDAT is the Kerberos realm in which the Vantage node or Unity server principal(s) is being added.

When creating Kerberos keys for a Unity server principal, the service name is still TERADATA, for example:
kadmin.local: ktadd –k /etc/unity_server_name.keytab TERADATA/unity_server_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT