17.10 - Generating the Key for the First Node or for a Unity Server - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

Use the ktpass command to create the key for the first Teradata Vantage node in a system, or for a Unity server. The keytab file is created in the directory from which the command is issued unless you use -out keytab_filename to specify another location.

Generate the keys for each Unity server individually. Key generation for additional Unity servers does not follow the same rules as generating keys for additional nodes in a database system.
ktpass -princ spn -mapuser [ node_name | unity_server_name ] -pass password
  -ptype KRB5_NT_PRINCIPAL -out keytab_filename

spn
  The SPN for a Teradata Vantage node or Unity server, as defined in Determining the SPN for Each Node and Unity Server.
node_name
unity_server_name
  The name of a Teradata Vantage node or Unity server created in step 4 of Creating an Active Directory User for Each Node and Unity Server.
password
  The password for the user represented by the node or Unity server name. Use the password assigned to the name in step 6 of Creating an Active Directory User for Each Node and Unity Server.
KRB5_NT_PRINCIPAL
  The principal name type.
  The example value, KRB5_NT_PRINCIPAL, is the same for all systems.
  Specify the -ptype exactly as shown for all Kerberos setups.
keytab_filename
  The name of the keytab file to which the keys are written, for example, domain_name.sys_name.keytab, where:
  • domain_name is included to differentiate among the separate keytab files required for multiple domains, if present.
  • sys_name is the name of a Teradata Vantage system or Unity server in the domain.
    If the Active Directory KDC serves more than one Vantage system or Unity server, you must create a keytab file for each one using a unique sys_name.

The order in which the ktpass parameters appear is not important.
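
The following PowerShell wrapper is an added example, not part of the Teradata procedure. It runs the ktpass command above with an explicit -out path built from the domain_name.sys_name.keytab convention, then restricts access to the resulting file. Assumptions: the function and parameter names are hypothetical, `-pass *` is the ktpass form that prompts for the password instead of taking it on the command line, and the icacls step is an added hardening choice because the keytab holds the account's long-term Kerberos keys.

```powershell
# Added example: function and parameter names are hypothetical, values are site-specific.
function Get-KeytabFileName {
    param([string]$DomainName, [string]$SysName)
    # Naming convention from this page: domain_name.sys_name.keytab
    foreach ($part in $DomainName, $SysName) {
        if ($part -notmatch '^[A-Za-z0-9_.-]+$') { throw "Invalid name component: '$part'" }
    }
    return "$DomainName.$SysName.keytab"
}

function New-VantageKeytab {
    param(
        [Parameter(Mandatory)][string]$Spn,        # from "Determining the SPN ..."
        [Parameter(Mandatory)][string]$MapUser,    # node_name or unity_server_name
        [Parameter(Mandatory)][string]$DomainName,
        [Parameter(Mandatory)][string]$SysName,
        [Parameter(Mandatory)][string]$OutDir
    )
    $keytab = Join-Path $OutDir (Get-KeytabFileName $DomainName $SysName)
    # One keytab per system: never silently replace keys that are already deployed.
    if (Test-Path -LiteralPath $keytab) { throw "Refusing to overwrite existing keytab: $keytab" }

    # '-pass *' makes ktpass prompt, keeping the password out of shell history
    # and out of the process command line.
    & ktpass -princ $Spn -mapuser $MapUser -pass '*' -ptype KRB5_NT_PRINCIPAL -out $keytab
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $keytab)) {
        throw "ktpass did not produce $keytab"
    }

    # Assumption (not in the Teradata procedure): drop inherited ACEs and allow only
    # BUILTIN\Administrators (S-1-5-32-544) and SYSTEM (S-1-5-18) to read the keytab.
    & icacls $keytab /inheritance:r /grant:r '*S-1-5-32-544:(F)' '*S-1-5-18:(F)' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Could not restrict ACL on $keytab" }
    return $keytab
}

# Usage with placeholder values (replace each <...> with your own):
# New-VantageKeytab -Spn '<spn>' -MapUser '<node_name>' `
#     -DomainName '<domain_name>' -SysName '<sys_name>' -OutDir '<keytab_directory>'
```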