Kerberos authentication
If your environment uses Kerberos authentication to validate users, you can use Kerberos instead of local or LDAP authentication to validate your Netezza Performance Server database user accounts.
With Kerberos authentication, users are first validated against the user name and password that is stored on the Kerberos server. After successful Kerberos authentication, the system then confirms that the user account is defined as a Netezza Performance Server database user.
The Kerberos administrator is responsible for adding and managing the user accounts and passwords and deactivating accounts on the Kerberos server. The Netezza Performance Server administrator must ensure that each Netezza Performance Server database user is also defined within the Netezza Performance Server system catalog.
If you choose to use Kerberos authentication, then all database user accounts except admin are authenticated by Kerberos. You can configure database user accounts to be locally authenticated as an exception. This implementation does not support mixed Kerberos and LDAP authentication modes; that is, you cannot authenticate some users by LDAP authentication and some by Kerberos.
About the Kerberos software
The Netezza Performance Server implementation of Kerberos support uses MIT Kerberos 5 Release 1.12.1. (Kerberos is a trademark of the Massachusetts Institute of Technology (MIT).) The Netezza Performance Server software kit includes all the required libraries and binaries to run Kerberos on the Netezza Performance Server hosts. The NPS client kits include the libraries required to use the NPS clients, ODBC, JDBC, and OLE DB connectors with Kerberos authentication of the database user accounts. Your IT or system administrators are responsible for the setup of the Kerberos environment on your client systems including the configuration files and the tools for managing tickets.
If your environment is using an earlier or different release of Kerberos, note that Netezza Performance Server requires a minimum of Kerberos 1.10. It is recommended that you upgrade to the latest Kerberos 1.12.1 release for compatibility. The Netezza Performance Server Kerberos support has not been tested with other Kerberos releases and may not function correctly with Kerberos releases before 1.12.1. If your Kerberos environment uses an earlier release, you may not have the support for multi-user/concurrent database connections from the same client (which is used by the ODBC, JDBC, and OLE DB clients, for example), or for the ability to connect to the Netezza Performance Server system using its floating host name and IP address. Both of these features are in release 1.12.1 and later.
The following table lists the supported operating systems and revisions for the Netezza Performance Server CLI clients.
Operating system | 32-bit | 64-bit |
---|---|---|
Windows | ||
Windows 2008, Vista, 7, 10 | Intel / AMD | Intel / AMD |
Windows Server 2012 | N/A | Intel / AMD |
Linux® | ||
Red Hat Enterprise Linux 5.3, 5.5, 5.7, 5.9, 6.1, 6.2, 6.4, 6.5 (see note below table) | Intel / AMD | Intel / AMD |
Red Hat Enterprise Linux 6.2+ | N/A | PowerPC® |
SUSE Linux Enterprise Server 11 | Intel / AMD | Intel / AMD |
SUSE Linux Enterprise Server 10 and 11, and Red Hat Enterprise Linux 5.x | IBM® System z® | IBM System z |
UNIX | ||
IBM AIX® 6.1 with 5.0.2.1 C++ runtime libraries, 7.1 | N/A | PowerPC |
HP-UX 11i versions 1.6 and 2 (B.11.22 and B.11.23) | Itanium | Itanium |
Oracle Solaris 9, 10, 11 | SPARC | SPARC |
Oracle Solaris 10 | x86 | x86 |
On Windows platforms, you must use MIT Kerberos for Windows 4.0.1 to enable multiple-user support.