17.10 - Copying the Kerberos Keys From the KDC to the Principals - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
zuy1472246340572

After you generate Kerberos keys on the Linux MIT KDC(s), you must securely move copies of the set of keytab files for database nodes from the KDC to a temporary location on any node of the corresponding database system, and move copies of the set of keytab files for each Unity server (if used) to the corresponding server.

If a database system or Unity server resides in multiple domains, make sure you move the keytab files from the KDC in each domain. Save the copies of the keytab files here: /opt/teradata/tdat/tdgss/site/domain_name.sys_name.keytab.

domain_name.sys_name is defined in Generating the Key for the First Node or for a Unity Server.

This is a temporary location to use when you install the keys to the permanent location in Installing the Kerberos Keys. Make sure that each keytab file has a unique file name.