17.10 - Copying the Kerberos Keys From the KDC to the Principals - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

After you generate Kerberos keys on the Linux MIT KDC(s), you must securely move copies of the set of keytab files for database nodes from the KDC to a temporary location on any node of the corresponding database system, and move copies of the set of keytab files for each Unity server (if used) to the corresponding server.

If a database system or Unity server resides in multiple domains, make sure you move the keytab files from the KDC in each domain. Save the copies of the keytab files here: /opt/teradata/tdat/tdgss/site/domain_name.sys_name.keytab.

domain_name.sys_name is defined in Generating the Key for the First Node or for a Unity Server.

This is a temporary location to use when you install the keys to the permanent location in Installing the Kerberos Keys. Make sure that each keytab file has a unique file name.