If one or more sets of Kerberos keys are already installed to the permanent keytab file location and you want to add another set of keys, for example, because you configured an additional KDC, you must install the additional keys so that they merge with the existing keys.
- Run ktutil from the command prompt of the database node containing the existing keytab files:
ktutil
- At the ktutil prompt, enter the command to read the current keys:
rkt /etc/teradata.keytab
This procedure assumes that any existing keytab files are in the standard location. If an alternate location was used, it is shown in the value of the TeradataKeyTab property in the TdgssUserConfigFile.xml. - Enter the command to read the new keys:
rkt /opt/teradata/tdat/tdgss/site/keytab_filename
where keytab_filename is the name of a keytab file that you generated in Running ktpass to Create the Kerberos Keys or Creating the Kerberos Keys, and stored on a database node in Moving the Kerberos Keys to a Teradata Vantage System.
If you are installing keys for more than one domain, rerun this step for each set of files, for example, domain2.sys_name.keytab, domain3.sys_name.keytab, and so on. - List all keys to verify rkt has read all the new files:
list
- Save all keys:
wkt /etc/teradata.keytab
- Exit the command:
quit
- From the Teradata command prompt, distribute the merged keytab file to all nodes, using the pcl command. The new merged file, containing pre-existing and new keys, replaces the old file containing only pre-existing keys on all nodes. For example:
pcl -send /etc/teradata.keytab /etc/teradata.keytab
Step 7 is not required for a single node database system.