17.10 - TDNEGO Usage Constraints - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

Selecting TDNEGO always results in a mechanism other than TDNEGO being used, so the following applies:

  • A user must not be restricted to using only TDNEGO in the network security policy, because TDNEGO always selects another mechanism; the user must be allowed to use the selected mechanism, or else the logon is not allowed.
  • It is allowed, but not required, to add TDNEGO to the list of mechanisms a user is allowed to use; however, it is recommended that TDNEGO not be specified as an allowed mechanism in the directory.
  • Concerning QOP and enforced network security policy, note that QOP is not supported by all mechanisms. TDNEGO is one of the mechanisms that does not support QOP. However, any QOP restrictions in the security policy for the mechanism selected by TDNEGO do apply. For example, if TDNEGO selects TD2, and the security policy requires the user to use high level encryption, then that will be enforced.
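
The three constraints above can be checked mechanically when reviewing per-user mechanism restrictions. The following is an added example, not Teradata code: the UserPolicy layout, the sample users, the "HIGH" QOP label and the function names are hypothetical, and how the policy is exported from the directory is left out.

```python
from dataclasses import dataclass, field

@dataclass
class UserPolicy:
    # Hypothetical in-memory form of one user's network security policy.
    allowed_mechanisms: set                           # mechanisms the user is restricted to
    required_qop: dict = field(default_factory=dict)  # mechanism -> required QOP (constructed labels)

def lint_policy(user, policy):
    """Flag policy entries that conflict with the TDNEGO usage constraints."""
    findings = []
    others = policy.allowed_mechanisms - {"TDNEGO"}
    if "TDNEGO" in policy.allowed_mechanisms and not others:
        # TDNEGO always selects another mechanism, and none is permitted here.
        findings.append(("ERROR", user, "restricted to TDNEGO only; logon is not allowed"))
    elif "TDNEGO" in policy.allowed_mechanisms:
        findings.append(("WARN", user, "TDNEGO listed as an allowed mechanism; not recommended"))
    if "TDNEGO" in policy.required_qop:
        findings.append(("WARN", user, "QOP set on TDNEGO, which does not support QOP"))
    return findings

def evaluate_logon(policy, selected):
    """Return (allowed, enforced_qop) once TDNEGO has selected `selected`."""
    if selected == "TDNEGO":
        raise ValueError("TDNEGO always selects another mechanism")
    if selected not in policy.allowed_mechanisms:
        return (False, None)
    # QOP restrictions for the selected mechanism still apply.
    return (True, policy.required_qop.get(selected))

# Constructed sample policies for illustration.
POLICIES = {
    "alice": UserPolicy({"TDNEGO"}),
    "bob": UserPolicy({"TDNEGO", "TD2"}, {"TD2": "HIGH"}),
    "carol": UserPolicy({"TD2", "LDAP"}),
}

if __name__ == "__main__":
    for name, pol in POLICIES.items():
        for finding in lint_policy(name, pol):
            print(*finding, sep=": ")
        print(name, "TDNEGO->TD2:", evaluate_logon(pol, "TD2"))
```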