Sample Configuration for Mutual Authentication - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:id
B035-1100
Product Category
Teradata Vantage™

The following example shows a typical TdgssUserConfigFile.xml update to support TLS mutual authentication on the LDAP mechanism. Configuration of the KRB5 or SPNEGO mechanism is similar.

<Mechanism Name="ldap">
    <MechanismProperties
        ...
        LdapClientTlsCert="/opt/teradata/tdat/tdgss/site/ssl/certs/clientcert.pem"
        LdapClientTlsKey="/opt/teradata/tdat/tdgss/site/ssl/certs/clientkey.pem"
        />
</Mechanism>

After you add the client certificate and key to TdgssUserConfigFile.xml and run the run_tdgssconfig utility in the TDGSS bin directory, you can test the setup with tdgssauth. See Working with tdgssauth.

Make sure to verify the configuration on each Vantage node and on the Unity server, if used. Failure to adequately test the configuration can result in loss of connectivity for Vantage clients using LDAP authentication.

After verifying the results, restart Teradata Vantage to enable the new configuration.
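A pre-flight check that can be run on each node before run_tdgssconfig, given here as an added example and not as Teradata code: it reads the LdapClientTlsCert and LdapClientTlsKey attributes shown above and reports paths that are missing, swapped, or not PEM, plus a private key readable beyond its owner. Assumptions: Mechanism elements carry no XML namespace, the owner-only key permission is a site policy rather than a documented TDGSS requirement, and `build_sample` with its `<Root>` element is a constructed demo input.

```python
import os
import re
import stat
import tempfile
import xml.etree.ElementTree as ET

# Attribute names are from the page; values are the expected PEM label suffixes.
EXPECTED = {"LdapClientTlsCert": "CERTIFICATE", "LdapClientTlsKey": "PRIVATE KEY"}
PEM_BEGIN = re.compile(r"^-----BEGIN ([A-Z0-9 ]+)-----\s*$", re.M)

def check_mutual_auth(config_path, mechanism="ldap"):
    """Return a list of problems; an empty list means every check passed."""
    root = ET.parse(config_path).getroot()
    mechs = [m for m in root.iter("Mechanism") if m.get("Name") == mechanism]
    props = mechs[0].find("MechanismProperties") if mechs else None
    if props is None:
        return [f"no MechanismProperties found for mechanism {mechanism!r}"]
    problems = []
    for attr, suffix in EXPECTED.items():
        path = props.get(attr)
        if not path or not os.path.isfile(path):
            problems.append(f"{attr}: {path!r} is unset or not a file")
            continue
        with open(path, errors="replace") as fh:
            match = PEM_BEGIN.search(fh.read())
        # Catches swapped cert/key paths, CSRs and non-PEM files.
        if match is None or not match.group(1).endswith(suffix):
            problems.append(f"{attr}: {path} is not a PEM {suffix}")
        # Assumed policy (not from the page): key readable by its owner only.
        if suffix == "PRIVATE KEY" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
            problems.append(f"{attr}: {path} is accessible to group or others")
    return problems

def build_sample(key_mode=0o600, swap=False):
    """Write a constructed config and dummy PEM files to a temp dir; return the config path."""
    d = tempfile.mkdtemp()
    cert, key = os.path.join(d, "clientcert.pem"), os.path.join(d, "clientkey.pem")
    for path, label in ((cert, "CERTIFICATE"), (key, "PRIVATE KEY")):
        with open(path, "w") as fh:
            fh.write(f"-----BEGIN {label}-----\nCONSTRUCTED\n-----END {label}-----\n")
    os.chmod(key, key_mode)
    if swap:  # simulate the two paths being entered the wrong way round
        cert, key = key, cert
    cfg = os.path.join(d, "TdgssUserConfigFile.xml")
    with open(cfg, "w") as fh:  # <Root> is a placeholder root element
        fh.write(f'<Root><Mechanism Name="ldap"><MechanismProperties '
                 f'LdapClientTlsCert="{cert}" LdapClientTlsKey="{key}"/></Mechanism></Root>')
    return cfg
```

This check does not confirm that the key matches the certificate and does not replace the tdgssauth test.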