PrerequisiteMake sure the Kerberos configuration is working fine in the system.
- Check with your IT administrator for details about your Kerberos configuration, and create/generate krb5.conf and Keytab files. To create the krb5.conf file:
- Update the following krb5.conf with the details for your Kerberos configuration:
[libdefaults] ticket_lifetime = 24h renew_lifetime = 7d default_realm = KRB5JUPYTER.TDAT clockskew = 13000 checksum_type=2 allow_weak_crypto = true [realms] KRB5JUPYTER.TDAT = { kdc = mykrbhost.krb5jupyter.tdat:88 default_domain = KRB5JUPYTER.TDAT } [domain_realm] krb5jupyter = { .krb5jupyter = KRB5JUPYTER.TDAT krb5jupyter = KRB5JUPYTER.TDAT .mykrbhost.krb5jupyter.tdat = KRB5JUPYTER.TDAT } [logging] kdc = FILE:/var/log/krb5/krb5kdc.log admin_server = FILE:/var/log/krb5/kadmind.log default = SYSLOG:NOTICE:DAEMON - Set the ticket_lifetime to an appropriate value.
When the ticket expires, you can continue to access the Analytics Database on existing connections. To establish new connections, you need to restart the Docker container.
To generate the Keytab file:Use the tools supported by your local platform to generate a Keytab file for your username.
- Update the following krb5.conf with the details for your Kerberos configuration:
- Load the krb5.conf file and the keytab file for your username to the Docker image.
- Set the KRB_USER environment variable with your username.
For example:
The krb5.conf file and the keytab file for the user "testuser" are in the directory ~/kerberos on the local machine. To start your docker image, run:
docker run -e "accept_license=y" -p 8888:8888 -v teradata-vol:/home/jovyan/JupyterLabRoot -v ~/kerberos/krb5.conf:/etc/krb5.conf -v ~/kerberos/testkrb.keytab:/etc/testuser.keytab -e KRB_USER=testuser <image name>