SPNEGO Mechanism Offered by TDNEGO on Teradata Database 15.10 for TTU 16.0 .NET Clients - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

TDNEGO offers TD2 and LDAP as negotiated mechanisms for TTU 16.0 or higher .NET clients to access Teradata Database 15.10 or higher and Teradata Vantage. TDNEGO offers SPNEGO as a negotiated mechanism for TTU 16.0 or higher .NET clients to access Teradata Database 16.0 or higher and Teradata Vantage.

TTU 16.0 or higher .NET clients that want to use SPNEGO as a TDNEGO negotiated mechanism to access Teradata Database 15.10 must add SPNEGO as a negotiated mechanism to the TDNEGO mechanism on the Teradata Database 15.10 server.

Teradata Database 16.0 or higher and Teradata Vantage are already configured to offer SPNEGO to .NET clients. CLI, ODBC, and JDBC do not support SPNEGO, so the only time the following configuration needs to be done is with a Teradata Database 15.10 server and TTU 16.0 .NET clients that want to use SPNEGO.
  1. On the Teradata Database 15.10 server, edit TdgssUserConfigFile.xml, add the highlighted line below to the TDNEGO mechanism, and uncomment the TDNEGO section (if not already done):
     <!-- TDNEGO: Teradata Negotiated Method -->
    
          <!-- To modify TDNEGO configuration, uncomment this section and edit
          <Mechanism Name="TDNEGO"
          <MechanismProperties
    
          MechanismEnabled="yes"
          DefaultMechanism="no"
          DefaultNegotiatingMechanism="no"
          MechanismRank="10"
    
          />
    
         <!-- Mechanisms offered for negotiation: KRB5, SPNEGO, ldap, TD2 -->
         <NegotiatedMechanism ObjectId="1.2.840.113554.1.2.2" Enable="yes"/>
          <NegotiatedMechanism ObjectId="1.3.6.1.5.5.2" Enable="yes"/> 
         <NegotiatedMechanism ObjectId="1.3.6.1.4.1.191.1.1012.1.20" Enable="yes"/>
         <NegotiatedMechanism ObjectId="1.3.6.1.4.1.191.1.1012.1.1.9" Enable="yes"/>																											
     </Mechanism>
    
            (end of commented out section) -->
  2. Complete the configuration steps (run_tdgssconfig and tpareset) shown in Changing the Configuration on Teradata Vantage Nodes.