Any Kerberos keys that already exist in a node could be overwritten (destroyed) when you install new keys. When replacing existing keys, overwriting is normal. However, if you want to retain and add to the existing keys, you must use the key merge procedure, which avoids overwriting.
You can use the pcl command to find and display any Kerberos keys that already exist on database nodes to help determine if you should use the merge procedure when installing new keys:
pcl -s klist -ke [keytab_file_name]
This example keytab file (standard location) shows a two-node system, with pre-existing keys in bold italics:
l3592:/ > pcl -s klist -ke /etc/teradata.keytab All 2 node(s) have connected <--------------------- node_name2_bynet -------------------------> Keytab name: FILE:/etc/teradata.keytab KVNO Principal ------------------------------------------------------------------ 14 TERADATA/l3592.esrootdom.esdev.tdat@ESROOTDOM.ESDEV.TDAT (DES cbc mode with RSA-MD5) 13 TERADATA/l3593.esrootdom.esdev.tdat@ESROOTDOM.ESDEV.TDAT (DES cbc mode with RSA-MD5)<--------------------- node_name1_bynet -------------------------> Keytab name: FILE:/etc/teradata.keytab KVNO Principal ------------------------------------------------------------------ 14 TERADATA/l3592.esrootdom.esdev.tdat@ESROOTDOM.ESDEV.TDAT (DES cbc mode with RSA-MD5) 13 TERADATA/l3593.esrootdom.esdev.tdat@ESROOTDOM.ESDEV.TDAT (DES cbc mode with RSA-MD5)------------------------------------------------------------------
If no keys are present, the output appears without the key entries:
l3592:/ > pcl -s klist -ke /etc/teradata.keytab All 2 node(s) have connected <--------------------- node_name2_bynet -------------------------> Keytab name: FILE:/etc/teradata.keytab KVNO Principal ------------------------------------------------------------------ <--------------------- node_name1_bynet -------------------------> Keytab name: FILE:/etc/teradata.keytab KVNO Principal ------------------------------------------------------------------