Use the ktpass command to create the key for the first Teradata Vantage node in a system, or for a Unity server. The keytab file is created in the directory from which the command is issued unless you use -out keytab_filename to specify another location.
Generate the keys for each Unity server individually. Key generation for additional Unity servers does not follow the same rules as generating keys for additional nodes in a database system.
ktpass -princ spn -mapuser [ node_name | unity_server_name ] -pass password -ptype KRB5_NT_PRINCIPAL -out keytab_filename
- spn
- The SPN for a Teradata Vantage node or Unity server, as defined in Determining the SPN for Each Node and Unity Server.
- node_name
- unity_server_name
- The name of a Teradata Vantage node or Unity server created in step 4 of Creating an Active Directory User for Each Node and Unity Server.
- password
- The Password for the user represented by the node or Unity server name. Use the password assigned to the name in step 6 of Creating an Active Directory User for Each Node and Unity Server.
- KRB5_NT_PRINCIPAL
- The principal name type.
- keytab_filename
- The name of the keytab file to which the keys are written, for example, domain_name.sys_name.keytab, where:
- domain_name is included to differentiate among the separate keytab files required for multiple domains, if present.
- sys_name names of a Teradata Vantage system or Unity server in the domain.If the Active Directory KDC serves more than one Vantage system or Unity server, you must create a keytab file for each one using a unique sys_name.
The order in which the ktpass parameters appear is not important.