KERBEROS_CONFIG_CHECK

Tests the Kerberos configuration of a Vertica cluster. The function performs the following tests, in order:

Are Kerberos services available?
Does a keytab file exist and are the Kerberos configuration parameters set in the database?
Can Vertica read and invoke kinit with the keys?

If any test fails, the function returns a descriptive error message.

Syntax

KERBEROS_CONFIG_CHECK( )

Parameters

This function has no parameters.

Privileges

This function does not require privileges.

Examples

The following example shows the results when the Kerberos configuration is valid.

=> SELECT KERBEROS_CONFIG_CHECK();
ok: kinit exists
ok: klist exists
ok: krb5 exists at [/etc/krb5.conf]
ok: Vertica Keytab file is set to [/scratch_b/qa/vdb.keytab]
ok: Vertica Keytab file exists at [/scratch_b/qa/vdb.keytab]
Kerberos configuration parameters set in the database
KerberosServiceName : [vdb]
KerberosHostname : []
KerberosRealm : [EXAMPLE.COM]
KerberosKeytabFile : [/scratch_b/qa/vdb.keytab]
Vertica Principal: [vdb/engvmqa24.example.com@EXAMPLE.COM]
ok: Can read Vertica keys
ok: Can get tickets for vertica principal
ok: vertica can kinit

(1 row)

The following example shows an error report.

=> SELECT KERBEROS_CONFIG_CHECK();
WARNING 2807:  Could not access file "/etc/krb5.keytab": No such file or directory
 ok: kinit exists
 ok: klist exists
 ok: krb5 exists at [/etc/krb5.conf]
 FAILED: Vertica Keytab file is not set
 FAILED: Could not find Vertica Keytab file at
 Kerberos configuration parameters set in the database
        KerberosServiceName : [vertica]
        KerberosHostname : []
        KerberosRealm : []
        KerberosKeytabFile : []
 Vertica Principal: []
 FAILED: Command to read Vertica keys did not succeed
 FAILED: Command to kinit Vertica keys did not succeed
 FAILED: Vertica not 'kinit'ing if krb5 cannot kinit

(1 row)