Using Security Logon With TDPLGUX - Teradata Director Program

Teradata® Director Program Reference - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
Lake
VMware
Product
Teradata Director Program
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-11-17
dita:mapPath
cki1641301536147.ditamap
dita:ditavalPath
obe1474387269547.ditaval
dita:id
frc1470439950465
Product Category
Teradata Tools and Utilities

The TDP security logon function and the User Logon Exit interface, TDPLGUX, can both operate independently. But, because TDPLGUX can optionally modify both the authid and the logon string itself, using them together can provide additional flexibility in security administration.

When the security logon function is disabled, TDP allows a logon to proceed whenever TDPLGUX returns a zero value. When the security logon function is enabled, the logon is routed to TDP for final validation and authorization by using the z/OS System Authorization Facility (SAF) and your external security manager.

Whenever TDPLGUX returns a nonzero value, TDP terminates the logon attempt, immediately, whether security logon is enabled or disabled.

When using security logon with TDPLGUX, configure TDPLGUX to:

  1. First, check flag bit LGSI$SEC in the LGISFL switch byte. This flag is ON when the security logon function is enabled, signifying that TDPLGUX can place a modified authid in LGICHUSR.
  2. Then, after modifying the authid, set flag bit LGI$CHNG in the LGISFL switch byte to ON. This signifies that TDP should use the new authid for logon validation and authorization.
  3. If necessary, override the default class in the LGICLASS field.
By default, with no intervention by TDPLGUX, the authid is:
  • LGIXISU for most applications
  • LGIXIUSR for multiuser single-address-space applications such as CICS and IMS