Generating the Key for the First Node or for a Unity Server - Advanced SQL Engine - Teradata Database

Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.05, 17.00
Published: September 2020
Language: English (United States)
Last Update: 2021-01-23
dita:id: B035-1100
Product Category: Teradata Vantage™

Use the ktpass command to create the key for the first Teradata Vantage node in a system, or for a Unity server. The keytab file is created in the directory from which the command is issued unless you use -out keytab_filename to specify another location.

Generate the keys for each Unity server individually. Key generation for additional Unity servers does not follow the same rules as generating keys for additional nodes in a database system.

    ktpass -princ SPN -mapuser [node_name|unity_server_name] -pass password -ptype KRB5_NT_PRINCIPAL -out keytab_filename

where:

Syntax Element: Description

-princ SPN: The SPN for a Teradata Vantage node or Unity server, as defined in Determining the SPN for Each Node and Unity Server.

-mapuser node_name: The name of a Teradata Vantage node or Unity server created in step 4 of Creating an Active Directory User for Each Node and Unity Server.

-pass password: The password for the user represented by the node or Unity server name. Use the password assigned to the name in step 6 of Creating an Active Directory User for Each Node and Unity Server.

-ptype KRB5_NT_PRINCIPAL: The principal name type.
    The example value, KRB5_NT_PRINCIPAL, is the same for all systems.
    Specify the -ptype exactly as shown for all Kerberos setups.

-out keytab_filename: The name of the keytab file to which the keys are written, for example, domain_name.sys_name.keytab, where:
  • domain_name is included to differentiate among the separate keytab files required for multiple domains, if present.
  • sys_name is the name of a Teradata Vantage system or Unity server in the domain.
    If the Active Directory KDC serves more than one Vantage system or Unity server, you must create a keytab file for each one using a unique sys_name.

The order in which the ktpass parameters appear is not important.
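
The following added example (not part of the Teradata documentation or product) reads a keytab in the standard version 0x0502 layout and checks that every entry carries the expected -princ SPN and the KRB5_NT_PRINCIPAL name type, without ever returning key bytes. The function names, the SPN SERVICE/node1.example.com@EXAMPLE.COM and the sample keytab are constructed for illustration; the example assumes the file written by -out uses that layout.

```python
import struct

KRB5_NT_PRINCIPAL = 1  # numeric name type that corresponds to -ptype KRB5_NT_PRINCIPAL

def parse_keytab(data):
    """Return (principal, name_type, kvno, enctype) per entry; key bytes are never returned."""
    def counted(p):  # 16-bit big-endian length followed by that many bytes
        (n,) = struct.unpack_from(">H", data, p)
        return data[p + 2:p + 2 + n].decode(), p + 2 + n
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:  # a negative length marks a deleted slot of that many bytes
            pos += -size
            continue
        end = pos + size
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, p = counted(pos + 2)
        parts = []
        for _ in range(ncomp):
            part, p = counted(p)
            parts.append(part)
        name_type, _ts, kvno, enctype, keylen = struct.unpack_from(">IIBHH", data, p)
        p += 13 + keylen  # skip the fixed fields and the key itself
        if end - p >= 4:  # optional 32-bit kvno replaces the 8-bit one
            (kvno,) = struct.unpack_from(">I", data, p)
        entries.append(("/".join(parts) + "@" + realm, name_type, kvno, enctype))
        pos = end
    return entries

def check_keytab(data, expected_spn):
    """Return a list of problems; an empty list means the keytab matches."""
    entries = parse_keytab(data)
    problems = [] if entries else ["keytab has no entries"]
    for princ, ntype, _kvno, _etype in entries:
        if princ != expected_spn:
            problems.append(f"unexpected principal {princ}")
        if ntype != KRB5_NT_PRINCIPAL:
            problems.append(f"{princ}: name type {ntype}, expected {KRB5_NT_PRINCIPAL}")
    return problems

def build_entry(realm, parts, name_type, kvno, enctype, key):  # sample construction only
    cs = lambda s: struct.pack(">H", len(s)) + s.encode()
    body = struct.pack(">H", len(parts)) + cs(realm) + b"".join(cs(c) for c in parts)
    body += struct.pack(">IIBHH", name_type, 0, kvno, enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body
# Constructed sample: one AES256 (enctype 18) entry, kvno 3, with a dummy all-zero key.
SAMPLE = b"\x05\x02" + build_entry("EXAMPLE.COM", ["SERVICE", "node1.example.com"], 1, 3, 18, bytes(32))
```

To check a real file, pass the bytes of the keytab named in -out and the SPN given to -princ to check_keytab.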