- Copy the public key which matches with the private key used to create JWT in RACF to one Teradata Vantage node in file /tmp/public.pem. Then distribute the file to all Teradata Vantage nodes.
(sample public key)
-----BEGIN PUBLIC KEY----- MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf0ty+Sz/OduSsLFtDIk GH+VDi//epMtog8oQc992BadPLyKV8tOVzAyBrfybRPS9/zE26UkNP0J9P7HMjGJ QBC5Ya6CQhzbjXGcf/QBJ2A/lA4yty/jmTJbcrLBiCyKANxUODAbGTt/mXdVDa9u IkbJAD+qI7bs5pwWhn8MgUXTRgNCIr+kNGHzlQVE1xgTqsXKW+oE/rpJRe/afWBE OidXnOCPlOHvpFy/JMqGVL55W/OS4cSXrCtGljuvRBmIUGtdiL1KIT0ANC6UjiHg KLh6QaZuLbBiUo0JjqLyvyknKw2xdQduPAJAkgvUiLw32eZzPq/aEe4sUFXEIRqj QQIDAQAB -----END PUBLIC KEY----- $ pcl -send /tmp/public.pem /opt/teradata/tdat/tdgss/site
- Edit the /opt/teradata/tdat/tdgss/site/TdgssUserConfigFile.xml then uncomment the section and make these changes:
<!-- JWT --> <!-- To modify JWT mechanism configuration, uncomment this section and edit --> <Mechanism Name="JWT"> <MechanismProperties MechanismEnabled="yes" JWTVerificationKeyFile="/opt/teradata/tdat/tdgss/site/public.pem" JWTDefaultIssuer="saf" /> </Mechanism> <!-- (end of commented out section)-->
- Run the following after step #1 and #2. Restart Teradata Vantage if instructed.
$ tdatcmd $ psh 'perl /opt/teradata/tdgss/bin/tdgssfixpaths' $ run_tdgssconfig
See Teradata Vantage™ - Analytics Database Security Administration, B035-1100 for more detailed information.