Kerberos on Linux and UNIX Clients | Teradata Vantage - Setting Up Kerberos on Linux and UNIX Clients - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2024-04-05
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™
Prerequisite

The following discusses how to configure Kerberos for Linux and UNIX clients (except IBM z/OS).

The Teradata Tools and Utilities (TTU) client packages must be installed on your client system prior to configuring Kerberos. See the appropriate installation guide for your platform:

Operating System Installation Documentation
Red Hat Linux Teradata® Tools and Utilities for Linux Installation Guide (Amazon Linux 2, CentOS, OEL, RedHat, SLES, Ubuntu), B035-3160
SUSE Linux Teradata® Tools and Utilities for Linux Installation Guide (Amazon Linux 2, CentOS, OEL, RedHat, SLES, Ubuntu), B035-3160
AIX Teradata® Tools and Utilities for IBM AIX Installation Guide, B035-3125
Apple OS X Teradata® Tools and Utilities for Apple macOS Installation Guide, B035-3129
Solaris (Intel) Teradata® Tools and Utilities for Oracle Solaris on SPARC and AMD Opteron Systems Installation Guide, B035-3136
Solaris (SPARC) Teradata® Tools and Utilities for Oracle Solaris on SPARC and AMD Opteron Systems Installation Guide, B035-3136
Kerberos installation and configuration on Linux and UNIX clients does not require any Vantage-specific customizations. The following steps are guidelines only. For specific instructions on installing and configuring Kerberos, follow your vendor's instructions.
  1. Add the client system name and IP address to your Active Directory.
  2. Install Kerberos on the client system:
    • Install a supported version of Kerberos for Linux and UNIX clients.
    • For AIX, install the NAS Kerberos package from IBM. The IBM Kerberos implementation of Network Authentication Services (NAS) is shipped on their AIX expansion pack.

      Run:

      Installp –aqXYgd . krb5.client
  3. Edit /etc/resolv.conf on the client system and include the Active Directory server name and IP address.
  4. Include Active Directory information in krb5.conf.
    • On Linux and UNIX clients, add the following to krb5.conf, for example:
      [libdefaults]
             default_realm = example.com
             clockskew = 300
             dns_lookup_realm = true
             dns_lookup_kdc = true
       
      [realms]
      AREALM.example.com = {
                      kdc = kdc.example.com:88
                      admin_server = AREALM.example.com:749
                      default_domain = AREALM.example.com
              }
      
      [domain_realm]
              .example.com = AREALM.example.com
             example.com = AREALM.example.com
    • On AIX clients, run:
      mkkrb5clnt -c KDC -r Realm -s Server -d Domain

      For example:

      mkkrb5clnt -c kdc.example.com -r AREALM.example.com -s AREALM.example.com -d example.com
  5. Verify the connection. Run nslookup from the client system and look up the Active Directory server (the KDC).
  6. Run kinit on the client system to get a ticket granting ticket for your user:
    #kinit username
  7. Run klist on the client system to confirm the ticket granting ticket for your user was issued:
    #klist