Enabling and disabling Kerberos users authentication with domain name
Learn how to supply usernames with domain names when you are authenticating users on Netezza Performance Server with Kerberos, and how to disable the feature. By default, the function is turned off.
Enabling Kerberos users authentication with domain name
When you are authenticating users, you provide only usernames, not domain names. To supply
usernames with domain names during user authentication, set the
enable_username_domain variable to true in
postgresql.conf.
To authenticate users with domains (for example, username@domain), the users
must have a short username (for example, username) in the database.
For example, to authenticate a krbuser@abc.com user, you must add database users
krbuser and krbuser@abc.com into the database.
- Set enable_username_domain in /nz/data/postgresql.conf
to
true.enable_username_domain=true - Add
usernameandusername@domainto the Netezza Performance Server database.-
create user <short_username> with password <password>; -
create user <user_with_domain> with password <password>;
-
- Restart Netezza Performance Server:
-
nzstop -
nzstart
-
Disabling Kerberos users authentication with domain name
If the enabled_username_domain variable is set to false,
Netezza Performance Server removes domain names
(@domain) from usernames and checks only for short names in the database
catalog.
then it strips off the @domain from user name before looking up into the database. Only the short name account has to be created in the database.
With enabled_username_domain set to false, usernames do not
have domain names. When you are authenticating users without domain names, you must add only their
short usernames to the database.
x
For example, to authenticate krbuser, add krbuser to the
database.
- Set enable_username_domain in /nz/data/postgresql.conf
to
false.enable_username_domain=false - Restart Netezza Performance Server:
-
nzstop -
nzstart
-