Enabling and disabling Kerberos users authentication with domain name
Learn how to supply usernames with domain names when you are authenticating users on Netezza Performance Server with Kerberos, and how to disable the feature. By default, the function is turned off.
Enabling Kerberos users authentication with domain name
When you are authenticating users, you provide only usernames, not domain names. To supply
usernames with domain names during user authentication, set the
enable_username_domain variable to true
in
postgresql.conf.
To authenticate users with domains (for example, username@domain
), the users
must have a short username (for example, username
) in the database.
For example, to authenticate a krbuser@abc.com
user, you must add database users
krbuser
and krbuser@abc.com
into the database.
- Set enable_username_domain in /nz/data/postgresql.conf
to
true
.enable_username_domain=true
- Add
username
andusername@domain
to the Netezza Performance Server database.-
create user <short_username> with password <password>;
-
create user <user_with_domain> with password <password>;
-
- Restart Netezza Performance Server:
-
nzstop
-
nzstart
-
Disabling Kerberos users authentication with domain name
If the enabled_username_domain variable is set to false
,
Netezza Performance Server removes domain names
(@domain)
from usernames and checks only for short names in the database
catalog.
then it strips off the @domain from user name before looking up into the database. Only the short name account has to be created in the database.
With enabled_username_domain set to false
, usernames do not
have domain names. When you are authenticating users without domain names, you must add only their
short usernames to the database.
x
For example, to authenticate krbuser
, add krbuser
to the
database.
- Set enable_username_domain in /nz/data/postgresql.conf
to
false
.enable_username_domain=false
- Restart Netezza Performance Server:
-
nzstop
-
nzstart
-