Set up Kerberos support for Netezza Performance Server
To use Kerberos authentication, you must establish the system as a client to the Kerberos server and configure Kerberos authentication in the Netezza Performance Server environment.
In many environments, the Kerberos administrator defines specific setup and configuration settings that clients must use. It is suggested that you discuss the process at your site with your Kerberos administrator. The Kerberos administrator might have a default configuration file and keytab process so that a Netezza Performance Server administrator can copy the files to the Netezza Performance Server system. However, other environments might not have a highly customized environment, and the only information that you might require is the Kerberos realm and Key Distribution Center (KDC) server information. If necessary, you can create your configuration and keytab files manually based on the input information from your Kerberos administrator. The following topics describe both of these setup methods.
Setting up Kerberos authentication
- To set up Kerberos authentication, ensure that the hostname with a fully qualified domain is set
on all Cloud Pak for Data System control plane nodes.
Example:
[root@ABC ~]# hostname ABC-node1.DNSDomainName
If fully qualified domain is not set on all Cloud Pak for Data System control plane nodes, follow the procedure that is described in Node side network configuration.
- When node side network configuration is completed, stop and start the
ipshost
container to reflect the fully qualified domain name on thenps
host.Note: When you restart the docker, a downtime occurs because the Netezza Performance Server database is restarted during the procedure.docker stop ipshost1
docker start ipshost1