Initial Installation of Kerberos Keys for the First KDC - Analytics Database

Initial Installation of Kerberos Keys for the First KDC - Analytics Database - Teradata Vantage

Security Administration

Deployment

VantageCloud

VantageCore

Edition

Enterprise

IntelliFlex

VMware

Product

Analytics Database

Teradata Vantage

Release Number

17.20

Published

June 2022

Language

English (United States)

Last Update

2024-04-05

dita:mapPath

hjo1628096075471.ditamap

dita:ditavalPath

qkf1628213546010.ditaval

dita:id

zuy1472246340572

lifecycle

latest

Product Category

Teradata Vantage™

This procedure copies the Kerberos keys for the first KDC from the temporary location used in Moving the Kerberos Keys to a Teradata Vantage System to the permanent location (/etc/teradata.keytab) on a Teradata Vantage system.

On a single node Vantage system:

Log on to the database node from the database node console command prompt log on as teradata or another user with permission to run utilities.
Copy the temporary keytab file from the temporary location shown in Moving the Kerberos Keys to a Teradata Vantage System to the permanent location chosen in Determining the Kerberos Key Installation Directory, for example, the default permanent location:
- ```
cp /opt/teradata/tdat/tdgss/site/domain_name.sys_name.keytab /etc/teradata.keytab
```
  domain_name.sys_name is defined in Generating the Key for the First Node.
  
  If you use a custom location, be sure to specify the custom location as the TeradataKeyTab property value for the KRB5 mechanism.
Display a list of Kerberos keys to verify that all keys installed correctly:
```
klist -ke /etc/teradata.keytab
```
After verifying that all keys are installed correctly to the permanent location, delete the key file from the temporary location.

For multi-node Teradata Vantage systems:

From a database node console command prompt, log on to the Vantage node that has the temporary keytab file; log on as the user teradata or another user with permission to run utilities.
Copy the generated keytab file from the temporary location to /etc.
Distribute the keytab file to all nodes, using the pcl command. For example, send the file from the temporary location to /etc on the other nodes:
```
pcl -send temporary_location/teradata.keytab /etc/teradata.keytab
```
If you put the keytab file in a location other than /etc, be sure to specify the custom location as the TeradataKeyTab property value for the KRB5 mechanism.
Display a list of Kerberos keys to verify that all keys installed correctly:
```
pcl -s klist -ke /etc/teradata.keytab
```
After verifying that all keys are installed correctly to the permanent location, delete the key file from the temporary location.