16.20 - Record Unauthenticated User Names in System Logs - Teradata Vantage NewSQL Engine

Teradata Vantage™ NewSQL Engine Release Summary

prodname
Teradata Database
Teradata Vantage NewSQL Engine
vrm_release
16.20
created_date
March 2019
category
Release Notes
featnum
B035-1098-162K

A new DBS Control field, ShowAllUserNames, allows you the option to specify that Teradata Database logs the entered user names for unauthenticated logon attempts.

Benefits

  • Allows you the option to log unauthenticated user names as entered by the user, or have these names obscured in system logs as "Non-existent User".

Considerations

  • By default, Teradata Database logs "Non-existent User" as the user name for unauthenticated users in system logs. ShowAllUserNames allows you to override this behavior, and have Teradata Database log exactly the text entered for the user name.
  • If you set ShowAllUserNames to TRUE, this can be a security risk, because a common user error is to enter a password in the user name logon field. If ShowAllUserNames is TRUE, these misplaced passwords would be visible in the affected logs.

    Change this field value to TRUE only if you determine that the utility of seeing unauthenticated user names in the affected logs overrides the risk of exposing potentially misplaced passwords.

Additional Information

  • For more information about the ShowAllUserNames field in DBS Control, see Teradata Vantage™ - Database Utilities , B035-1102 .
  • For more information about system security, see Teradata Vantage™ NewSQL Engine Security Administration, B035-1100.