17.10 - Copying the Kerberos Keys From the KDC to the Principals - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Publication ID
English (United States)

After you generate Kerberos keys on the Linux MIT KDC(s), you must securely move copies of the set of keytab files for database nodes from the KDC to a temporary location on any node of the corresponding database system, and move copies of the set of keytab files for each Unity server (if used) to the corresponding server.

If a database system or Unity server resides in multiple domains, make sure you move the keytab files from the KDC in each domain. Save the copies of the keytab files here: /opt/teradata/tdat/tdgss/site/domain_name.sys_name.keytab.

domain_name.sys_name is defined in Generating the Key for the First Node or for a Unity Server.

This is a temporary location to use when you install the keys to the permanent location in Installing the Kerberos Keys. Make sure that each keytab file has a unique file name.