Setting Up Non-LDAP External Authentication with Directory Authorization - Analytics Database

Setting Up Non-LDAP External Authentication with Directory Authorization - Analytics Database - Teradata Vantage

Security Administration

Deployment

VantageCloud

VantageCore

Edition

Enterprise

IntelliFlex

VMware

Product

Analytics Database

Teradata Vantage

Release Number

17.20

Published

June 2022

Language

English (United States)

Last Update

2024-04-05

dita:mapPath

hjo1628096075471.ditamap

dita:ditavalPath

qkf1628213546010.ditaval

dita:id

zuy1472246340572

lifecycle

latest

Product Category

Teradata Vantage™

Make sure users that will use this method:
- Are defined to Kerberos.
- Are defined in the directory in such a way that they can be located by an <Identity Map> or <Identity Search>. See Optimizing Directory Searches.
Complete the setup tasks listed for Option 2: Directory Authentication and Authorization, with the following changes:
1. Do not configure the LDAP mechanism, because it is not used for authentication.
2. Copy the following mechanism properties from the LDAP mechanism in the TDGSS library configuration file, into the TdgssUserConfigFile.xml for the authentication mechanism, KRB5 or SPNEGO:
  LdapServerName
  
  Optional LDAP identifications properties, if needed. See Optimizing Directory Searches.
  Some identification properties do not apply to this option.
3. Because this option requires service binds, Teradata strongly recommends that you implement TLS protection. See Using TLS with a Directory Server.
  Non-LDAP authentication ignores the LdapClientMechanism property setting.
4. Set the authentication mechanism (KRB5 or SPNEGO) as the default on all affected clients, or instruct users to specify the mechanism in the logon string.
You can use either of the these logon forms:
- Logging on Using Sign-on As
- Logging on Using Single Sign-on with Kerberos