You must create a Kerberos principal and password for each node on each Teradata Vantage system, and for each Unity server (if used), that is served by the MIT Kerberos Linux KDC.
Use the addprinc command to create the principal and password, for example, for a node:
kadmin.local: addprinc TERADATA/principal_name.esrootdom.esdev.tdat WARNING: no policy specified for TERADATA/principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT; defaulting to no policy Enter password for principal "TERADATA/principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT": Re-enter password for principal "TERADATA/principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT": Principal "TERADATA/principal_name.esrootdom.esdev.tdat@ UNIX.ESROOTDOM.ESDEV.TDAT" created.
- principal_name.esrootdom.esdev.tdat
- The FQDN of a Teradata Vantage node or Unity server.
UNIX.ESROOTDOM.ESDEV.TDAT is the Kerberos realm in which the Vantage node or Unity server principal(s) is being added.
The string TERADATA/principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT, used to represent the principal, also constitutes the SPN for the principal. The SPN is used later in Creating the Kerberos Keys and Installing the Kerberos Keys to uniquely identify the keys.
When creating a Unity server principal, the service name is still TERADATA, for example:
kadmin.local: addprinc TERADATA/principal_name.esrootdom.esdev.tdat