Set up Kerberos support for Netezza Performance Server

To use Kerberos authentication, you must establish the system as a client to the Kerberos server and configure Kerberos authentication in the Netezza Performance Server environment.

In many environments, the Kerberos administrator defines specific setup and configuration settings that clients must use. Discuss the process at your site with your Kerberos administrator. The Kerberos administrator might have a default configuration file and keytab process so that a Netezza Performance Server administrator can copy the files to the Netezza Performance Server system. Other sites might not be highly customized, and the only information that you might require is the Kerberos realm and Key Distribution Center (KDC) server information. If necessary, you can create your configuration and keytab files manually based on the input information from your Kerberos administrator. The following topics describe both of these setup methods.

Note: Kerberos authentication will not work with SSL unless the user is the ADMIN user or has LOCAL authentication. Kerberos and SSL are individual authentication protocols, so either one can be used.

Setting up Kerberos authentication

  1. To set up Kerberos authentication, ensure that a fully qualified domain name is set as the hostname on all Cloud Pak for Data System control plane nodes.
    Example:
    [root@ABC ~]# hostname
    ABC-node1.DNSDomainName

    If a fully qualified domain name is not set on all Cloud Pak for Data System control plane nodes, follow the procedure that is described in Node side network configuration.

  2. When node side network configuration is completed, stop and start the ipshost container so that the NPS host reflects the fully qualified domain name.
    Note: Restarting the container causes downtime because the Netezza Performance Server database is restarted during the procedure.
    docker stop ipshost1
    docker start ipshost1
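
A pre-check for step 1, written here as an added example and not part of the product procedure: it tests whether the value that `hostname` returns is fully qualified before you take the downtime in step 2. The helper names `is_fqdn` and `report_hostname` are hypothetical, and the check assumes that `hostname` prints the name without a trailing dot.

```shell
#!/bin/sh
# Added example: pre-check for step 1 before restarting ipshost1 in step 2.
# is_fqdn and report_hostname are hypothetical helper names.

# Return 0 if $1 looks like a fully qualified domain name (host.domain...).
is_fqdn() {
    name=$1
    # DNS names are at most 253 characters; empty is never valid.
    [ -n "$name" ] && [ "${#name}" -le 253 ] || return 1
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;   # only letters, digits, hyphen, dot
        .*|*.|*..*)       return 1 ;;   # no empty labels
        *.*)              ;;            # at least host + one domain label
        *)                return 1 ;;   # short hostname, not qualified
    esac
    rest=$name
    while [ -n "$rest" ]; do
        label=${rest%%.*}
        [ "${#label}" -le 63 ] || return 1       # per-label length limit
        case $label in
            -*|*-) return 1 ;;                   # no leading/trailing hyphen
        esac
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   rest= ;;
        esac
    done
    return 0
}

# Print a verdict for one hostname and return the same status as is_fqdn.
report_hostname() {
    if is_fqdn "$1"; then
        echo "OK: '$1' is fully qualified"
    else
        echo "FAIL: '$1' is not fully qualified; fix node side network configuration first"
        return 1
    fi
}

# Check this node. Run on every control plane node before step 2.
report_hostname "$(hostname)" || :
```
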