Prerequisites - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2024-04-05
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™
  • The KRB5 and SPNEGO (if used) mechanisms are enabled.
  • The AuthorizationSupported property for the mechanisms is set to:
    • ‘no’ if users are authorized privileges by Teradata Vantage
    • ‘yes’ if users are authorized privileges in a directory
  • External authentication is set up for Vantage. See External Authentication Controls and External Authentication Requirements.
  • Vantage clients and Teradata Vantage are connected to the network. TeradataVantage clients are already capable of running Kerberos logons elsewhere in the network, and the Vantage system is accessible to your client system.
  • For sites that use Business Continuity Manager, complete the PROXY connection configuration and related procedures before configuring Kerberos.
  • KDCs are set up for Kerberos authentication (except for the specialized Teradata Vantage requirements shown in the procedures that follow), and are operational.
  • KDCs must run either Windows Kerberos or MIT Kerberos on Linux. Heimdal Kerberos is not supported.
  • Users who plan to access Vantage using Kerberos authentication are already fully set up to use Kerberos for other non-Vantage network logons. For Kerberos authentication, the authorized username must match a Teradata Vantage user having WITH NULL PASSWORD privileges, but the Vantage username does not have to be the same as the authenticated username for the user. If there is no authorization, the Kerberos username and Vantage name must match and be granted WITH NULL PASSWORD. For a description of valid Kerberos username forms, see Logging on to Teradata Vantage.
  • If a Vantage (service) in one realm can be accessed by a client situated in a different realm, a cross-realm trust must exist between the realms.