Kerberos Keytabs

Kerberos Keytabs is a mechanism to secure server-to-server communication via Kerberos tickets. Currently Pyramid supports Keytab authentication for Teradata, SAP HANA, DB2, Hive, and Denodo data sources only.

Adding Keytabs

Before starting, Kerberos Keytabs files need to be created. The creation process is outside the scope of this help. Once created, they can be added into Pyramid.

Add Keytab Files

  • Click the "Add Keytab" button
  • Enter the keytab name and description.
  • Upload the keytab file and select the relevant tenant that the security will be attached to.
    • Each tenant can have multiple keytabs assigned to it, but each keytab should NOT be applied to more than a single tenant.
    • Keytabs should be managed according to service accounts (not user accounts) and each keytab file should contain only one service account.
Other Setup Steps
  • Go to Global Settings and upload the KRB5.config file.
  • Restart both the Runtime and Task engines.
Assign to Data Sources
  • Go to Data Sources.
  • Select the relevant Teradata, SAP HANA, DB2, Hive, or Denodo data server.
  • From the Security tab, under 'Authentication Method,' select 'Keytab,' then choose the required keytab file.
  • Under 'User,' enter the user with the full domain name; the domain name must be written in uppercase.