17.10 - Setting Up Directory Authentication - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)
  1. Verify that the database contains a username that matches the username of each directory user that requires access to the database. Create additional database users where required. See Creating Users and Granting Privileges.
  2. Enable external authentication in the database. See About External Authentication Controls.
    • For the Vantage nodes with gateway installed, run:
      gtwcontrol -a ON
    • And, on all Vantage nodes, run dbscontrol and enter: m g 26 0
      dbscontrol m g 26 0
  3. Grant external authentication privileges to the matching database users. See About External Authentication Requirements.
  4. Configure the LDAP mechanism in the TdgssUserConfigFile.xml using the following property values. Run dumpcfg to view the configuration.
    • MechanismEnabled = “yes” (the default)
    • AuthorizationSupported =”no”
  5. If the properties need to be modified, edit the TdgssUserConfigFile.xml and enable the new configuration on all systems.
  6. Set the LDAP mechanism as the default on all clients that use LDAP authentication, or instruct users to specify the LDAP mechanism in the logon string.
  7. Use the logon format shown for LDAP authentication. See Logging on Using Sign-on As.