Prerequisite
The following discusses how to configure Kerberos for Linux and UNIX clients (except IBM z/OS).
The Teradata Tools and Utilities (TTU) client packages must be installed on your client system prior to configuring Kerberos. See the appropriate installation guide for your platform:
Operating System | Installation Documentation |
---|---|
Red Hat Linux | Teradata® Tools and Utilities for Linux Installation Guide (Amazon Linux 2, CentOS, OEL, RedHat, SLES, Ubuntu), B035-3160 |
SUSE Linux | Teradata® Tools and Utilities for Linux Installation Guide (Amazon Linux 2, CentOS, OEL, RedHat, SLES, Ubuntu), B035-3160 |
AIX | Teradata® Tools and Utilities for IBM AIX Installation Guide, B035-3125 |
Apple OS X | Teradata® Tools and Utilities for Apple macOS Installation Guide, B035-3129 |
Solaris (Intel) | Teradata® Tools and Utilities for Oracle Solaris on SPARC and AMD Opteron Systems Installation Guide, B035-3136 |
Solaris (SPARC) | Teradata® Tools and Utilities for Oracle Solaris on SPARC and AMD Opteron Systems Installation Guide, B035-3136 |
Kerberos installation and configuration on Linux and UNIX clients does not require any Vantage-specific customizations. The following steps are guidelines only. For specific instructions on installing and configuring Kerberos, follow your vendor's instructions.
- Add the client system name and IP address to your Active Directory.
- Install Kerberos on the client system:
  - Install a supported version of Kerberos for Linux and UNIX clients.
  - For AIX, install the NAS Kerberos package from IBM. The IBM Kerberos implementation, Network Authentication Services (NAS), is shipped on the AIX expansion pack.
    Run:

        installp -aqXYgd . krb5.client
- Edit /etc/resolv.conf on the client system and include the Active Directory server name and IP address.
- Include Active Directory information in krb5.conf.
  - On Linux and UNIX clients, add the following to krb5.conf, for example:

        [libdefaults]
            default_realm = example.com
            clockskew = 300
            dns_lookup_realm = true
            dns_lookup_kdc = true

        [realms]
            AREALM.example.com = {
                kdc = kdc.example.com:88
                admin_server = AREALM.example.com:749
                default_domain = AREALM.example.com
            }

        [domain_realm]
            .example.com = AREALM.example.com
            example.com = AREALM.example.com

  - On AIX clients, run:

        mkkrb5clnt -c KDC -r Realm -s Server -d Domain

    For example:

        mkkrb5clnt -c kdc.example.com -r AREALM.example.com -s AREALM.example.com -d example.com
- Verify the connection. Run nslookup from the client system and look up the Active Directory server (the KDC).
- Run kinit on the client system to get a ticket granting ticket for your user:

      #kinit username

- Run klist on the client system to confirm the ticket granting ticket for your user was issued:

      #klist
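
A consistency check that can be run on krb5.conf before the kinit step, shown here as an added example (not Teradata or vendor code). The function names `krb5_check` and `sample_conf` are hypothetical, the sample file is constructed, and the parser assumes one setting per line with multi-line `REALM = {` stanzas.

```shell
#!/bin/sh
# Added example: after sourcing this file, run  krb5_check /etc/krb5.conf
# Realm names are compared exactly because Kerberos realm names are case-sensitive.
krb5_check() {
    awk '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }           # blank lines and comments
    /^[ \t]*\[/ { sec = trim($0); next }           # [section] header
    {
        i = index($0, "=")
        if (sec == "[realms]" && index($0, "}")) { cur = ""; next }
        if (i == 0) next
        k = trim(substr($0, 1, i - 1)); v = trim(substr($0, i + 1))
        if (sec == "[realms]" && v == "{") { cur = k; realms[k] = 1 }
        else if (sec == "[realms]" && cur != "" && k == "kdc") kdc[cur] = v
        else if (sec == "[libdefaults]") lib[k] = v
        else if (sec == "[domain_realm]") map[k] = v
    }
    END {
        rc = 0
        dns = (lib["dns_lookup_kdc"] == "true")    # KDCs may be found through DNS
        if (lib["default_realm"] == "") {
            print "ERROR: [libdefaults] has no default_realm"; rc = 1
        } else need[lib["default_realm"]] = "default_realm"
        for (d in map) need[map[d]] = "domain_realm entry " d
        for (r in need) if (!(r in realms)) {
            if (dns) print "WARN: " r " (" need[r] ") not in [realms]; KDC lookup depends on DNS"
            else { print "ERROR: " r " (" need[r] ") not in [realms]"; rc = 1 }
        }
        for (r in realms) {
            if (r in kdc) print "OK: " r " -> kdc " kdc[r]
            else if (!dns) { print "ERROR: realm " r " has no kdc line"; rc = 1 }
        }
        exit rc
    }' "$1"
}

# Constructed sample: default_realm does not match the [realms] stanza name.
sample_conf() {
    printf '%s\n' '[libdefaults]' '    default_realm = EXAMPLE.COM' \
        '    dns_lookup_kdc = false' '[realms]' '    AREALM.EXAMPLE.COM = {' \
        '        kdc = kdc.example.com:88' '    }' '[domain_realm]' \
        '    .example.com = AREALM.EXAMPLE.COM'
}
```

The function returns non-zero when a realm that the file refers to has no usable KDC source, which is the usual reason kinit cannot find a KDC for the requested realm.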