17.10 - SPNEGO Mechanism Offered by TDNEGO on Teradata Database 15.10 for TTU 16.0 .NET Clients - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

TDNEGO offers TD2 and LDAP as negotiated mechanisms for TTU 16.0 or higher .NET clients to access Teradata Database 15.10 or higher and Teradata Vantage. TDNEGO offers SPNEGO as a negotiated mechanism for TTU 16.0 or higher .NET clients to access Teradata Database 16.0 or higher and Teradata Vantage.

TTU 16.0 or higher .NET clients that want to use SPNEGO as a TDNEGO negotiated mechanism to access Teradata Database 15.10 must add SPNEGO as a negotiated mechanism to the TDNEGO mechanism on the Teradata Database 15.10 server.

Teradata Database 16.0 or higher and Teradata Vantage are already configured to offer SPNEGO to .NET clients. CLI, ODBC, and JDBC do not support SPNEGO, so the only time the following configuration needs to be done is with a Teradata Database 15.10 server and TTU 16.0 .NET clients that want to use SPNEGO.
  1. On the Teradata Database 15.10 server, edit TdgssUserConfigFile.xml, add the highlighted line below to the TDNEGO mechanism, and uncomment the TDNEGO section (if not already done):
     <!-- TDNEGO: Teradata Negotiated Method -->
    
          <!-- To modify TDNEGO configuration, uncomment this section and edit
          <Mechanism Name="TDNEGO"
          <MechanismProperties
    
          MechanismEnabled="yes"
          DefaultMechanism="no"
          DefaultNegotiatingMechanism="no"
          MechanismRank="10"
    
          />
    
         <!-- Mechanisms offered for negotiation: KRB5, SPNEGO, ldap, TD2 -->
         <NegotiatedMechanism ObjectId="1.2.840.113554.1.2.2" Enable="yes"/>
          <NegotiatedMechanism ObjectId="1.3.6.1.5.5.2" Enable="yes"/> 
         <NegotiatedMechanism ObjectId="1.3.6.1.4.1.191.1.1012.1.20" Enable="yes"/>
         <NegotiatedMechanism ObjectId="1.3.6.1.4.1.191.1.1012.1.1.9" Enable="yes"/>																											
     </Mechanism>
    
            (end of commented out section) -->
  2. Complete the configuration steps (run_tdgssconfig and tpareset) shown in Changing the Configuration on Teradata Vantage Nodes.