Use the ktadd command in kadmin.local to create the keytab file to contain the Teradata Vantage node and Unity server keys. For example, for a Vantage node:
kadmin.local: ktadd –k /etc/principal_name.keytab TERADATA/ principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT Entry for principal TERADATA/ principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT with kvno 2, encryption type AES-256 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/principal_name.keytab. Entry for principal TERADATA/ principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT with kvno 2, encryption type AES-128 CTS mode with 96-bit SHA-1 HMAC added to keytab WRFILE:/etc/principal_name.keytab. Entry for principal TERADATA/ principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT with kvno 2, encryption type Triple DES cbc mode with HMAC/sha1 added to keytab WRFILE:/etc/principal_name.keytab. Entry for principal TERADATA/ principal_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT with kvno 2, encryption type ArcFour with HMAC/md5 added to keytab WRFILE:/etc/principal_name.keytab.
where:
Element | Description |
---|---|
principal_name.esrootdom.esdev.tdat | The FQDN of a Vantage node or Unity server. principal_name should use the naming conventions shown in step 4 of Creating a Computer Component for Database Nodes and Unity Server. |
UNIX.ESROOTDOM.ESDEV.TDAT | The Kerberos realm in which the principal_name is being added. |
When creating Kerberos keys for a Unity server principal, the service name is still TERADATA, for example:
kadmin.local: ktadd –k /etc/unity_server_name.keytab TERADATA/unity_server_name.esrootdom.esdev.tdat@UNIX.ESROOTDOM.ESDEV.TDAT