If one or more sets of Kerberos keys are already installed to the permanent keytab file location and you want to add another set of keys, for example, because you configured an additional KDC, you must install the additional keys so that they merge with the existing keys.
- Run ktutil from the command prompt of the database node containing the existing keytab files, or from the Linux prompt of the Unity server with existing keys:
ktutilFor information on ktutil options, see the ktutil man page on any node or on the Unity server.
- At the ktutil prompt, enter the command to read the current keys:
rkt /etc/teradata.keytabThis procedure assumes that any existing keytab files are in the standard location. If an alternate location was used, it is shown in the value of the TeradataKeyTab property in the TdgssUserConfigFile.xml.
- Enter the command to read the new keys:
where keytab_filename is the name of a keytab file that you generated in Running ktpass to Create the Kerberos Keys or Creating the Kerberos Keys, and stored on a database node or Unity server in Moving the Kerberos Keys to a Teradata Database System or Unity Server.If you are installing keys for more than one domain, rerun this step for each set of files, for example, domain2.sys_name.keytab, domain3.sys_name.keytab, and so on.
- List all keys to verify rkt has read all the new files:
- Save all keys:
- Exit the command:
- From the Teradata command prompt, distribute the merged keytab file to all nodes, using the pcl command. The new merged file, containing pre-existing and new keys, replaces the old file containing only pre-existing keys on all nodes. For example:
pcl -send /etc/teradata.keytab /etc/teradata.keytabStep 7 is not required for a single node database system or Unity servers.