Kerberos External Authentication with Directory Authorization (Single Sign-on) - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
ft:locale
en-US
ft:lastEdition
2024-04-05
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantageā„¢
  1. A directory-based user logs on with a domain username, and is authenticated by Kerberos (KRB5 or SPNEGO mechanism). The user can then access any applications and data that support Kerberos authentication, including Teradata Vantage.
  2. The user connects to Vantage without resubmitting logon credentials, although the connection to Vantage must specify the Vantage system name (tdpid) and the security mechanism that corresponds to the authenticating agent if it is not set as the default. See Using Single Sign-on with Directory Authorization.
  3. The directory authorizes database privileges to the user based on:
Users that use this logon method must be defined to Kerberos, and must have an entry in the directory that TDGSS can find using an <Identity Map> or <Identity Search>.