KERBEROS_CONFIG_CHECK
Tests the Kerberos configuration of a Vertica cluster. The function performs the following tests, in order:
- Are Kerberos services available?
- Does a keytab file exist and are the Kerberos configuration parameters set in the database?
- Can Vertica read and invoke kinit with the keys?
If any test fails, the function returns a descriptive error message.
Syntax
KERBEROS_CONFIG_CHECK( )
Parameters
This function has no parameters.
Privileges
This function does not require privileges.
Examples
The following example shows the results when the Kerberos configuration is valid.
=> SELECT KERBEROS_CONFIG_CHECK(); ok: kinit exists ok: klist exists ok: krb5 exists at [/etc/krb5.conf] ok: Vertica Keytab file is set to [/scratch_b/qa/vdb.keytab] ok: Vertica Keytab file exists at [/scratch_b/qa/vdb.keytab] Kerberos configuration parameters set in the database KerberosServiceName : [vdb] KerberosHostname : [] KerberosRealm : [EXAMPLE.COM] KerberosKeytabFile : [/scratch_b/qa/vdb.keytab] Vertica Principal: [vdb/engvmqa24.example.com@EXAMPLE.COM] ok: Can read Vertica keys ok: Can get tickets for vertica principal ok: vertica can kinit (1 row)
The following example shows an error report.
=> SELECT KERBEROS_CONFIG_CHECK(); WARNING 2807: Could not access file "/etc/krb5.keytab": No such file or directory ok: kinit exists ok: klist exists ok: krb5 exists at [/etc/krb5.conf] FAILED: Vertica Keytab file is not set FAILED: Could not find Vertica Keytab file at Kerberos configuration parameters set in the database KerberosServiceName : [vertica] KerberosHostname : [] KerberosRealm : [] KerberosKeytabFile : [] Vertica Principal: [] FAILED: Command to read Vertica keys did not succeed FAILED: Command to kinit Vertica keys did not succeed FAILED: Vertica not 'kinit'ing if krb5 cannot kinit (1 row)