External Authentication|TPT - External Authentication - Parallel Transporter

Teradata® Parallel Transporter User Guide - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
Lake
VMware
Product
Parallel Transporter
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-08-25
dita:mapPath
uzp1645128359760.ditamap
dita:ditavalPath
tvt1507315030722.ditaval
dita:id
B035-2445
Product Category
Teradata Tools and Utilities

In some cases, the user name in a job script must be authenticated by an agent external to the database, such as Kerberos or Active Directory. External authentication is only available for jobs launched from workstation-attached clients. It requires special setup.

Do not use external authentication to log on with a Teradata PT job script until you understand the associated setup and logon requirements, as shown in Teradata Vantage™ - Analytics Database Security Administration, B035-1100.

Specify security attributes for external authentication as follows:

Security Attribute Description Strategy
UserName The name used to log on to the network prior to launching the job script. Optional:
  • For single sign-on: The user name employed for the initial network logon must match a user name defined in the database. No additional user name and password information is required.
  • For other external authentication methods (for example, LDAP or Kerberos), specify the user name and password values in one of the following ways:
    • As values for the UserName and UserPassword attributes, except for logons that require use of LogonMechData.
    • As the value for the LogMechData attribute.
Do not declare the UserName or UserPassword attributes if you plan to enter user name and password data in LogonMechData.
UserPassword The network password (not the database password) associated with the UserName)
TdpId Identifies the connection to the database Optional

If you don't specify a TdpId, the database system will use the default TdpId, as defined in the Teradata Client clispb.dat. Specify either:

  • For mainframe-attached clients, specify the identity of the Teradata Director Program through which Teradata PT connects to the database. For example: TDP6
  • For workstation-attached clients, specify the name of the interface to the database system, or logical host group. For example: cs4400S3
LogonMech The security mechanism that authenticate the user.

Similar to the .logmech statement in a database logon string.

Required unless the external authentication mechanism is the default.
Choose among the following, depending on authentication method.
  • Use LDAP for directory sign-on
  • Use KRB5 or NTLM for single sign-on and sign-on as logons.
LogonMechData Data required by external authentication mechanisms to complete the logon.

Similar to the .logdata statement in a database logon string.

Optional

LogonMechData contains the user name, password and, in some cases, other information.

Entering user credential information in LogonMechData is required for all logons that specify profile=profilename or user=username, to differentiate among multiple applicable profiles or users.

Do not declare the LogonMechData attribute if you plan to enter user name and password data in UserName and UserPassword.