16.10 - TeradataKeyTab - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

This property defines the location for the storage of Kerberos keytab files on Teradata Database nodes and on Unity servers.

Default Property Value

TDGSS initially sets the value of this property to /etc/teradata.keytab, the default storage location, for supporting mechanisms.

Valid Settings

Any valid Linux file location.

Supporting Mechanisms for TeradataKeyTab

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
Mechanism Property Editable?
KRB5 May Be Edited
The TeradataKeyTab value in KRB5 applies to all Kerberos authentication, including logons that use the SPNEGO mechanism.

Editing Guidelines

Coordinate the value of this property with the location of the keytab file specified when setting up Kerberos authentication. Use the default file location unless site security policy requires a different location. See Configuring Teradata Database and Unity Servers for Kerberos Authentication.

This property appears only in the library configuration file for the KRB5 mechanism. You must manually add it to the TdgssUserConfigFile.xml before you can change the property value. See About Editing Configuration Files.

The Linux user under which Teradata Database runs must own and have read access to the keytab file. If you specify a custom (non-default) file location, you must grant read access permission for the file to the Teradata Database Linux user.