||Utility added to convert non-FIPS-compliant LDAP service passwords to FIPS-compliant encrypted password. See Converting an Existing Non-FIPS-compliant Password.
||When TLS is on for a CLI-based connection, the default TD2 mechanism automatically bypasses the cryptographic services provided by TLS on systems that have installed the enhancement-supported versions of TDGSS, Gateway and CLI/TeraGSS. This improves connection times. If these conditions are not met, then valid logons succeed as usual.
||Scope parameter added to the IdPConfig section of the TdgssUserConfigFile.xml file. The parameter lets the TTU drivers use the scope parameter with OAuth authorization to re-direct a user to the configured Identity Provider URL for authentication, and MFA/2FA if used. See Configuration for Browser Authentication.
||RACF (Resource Access Control Facility) authentication support for mainframes. This allows for JSON Web Token (JWT) validation PEM files and JSON Web Key (JWK) from an identity provider (IdP). JWT from mainframe or Vantage IdP can be authenticated in TDGSS at same time. This feature is enabled by the Teradata Vantage Services team.
- tdsbind was deprecated in release 17.10. Teradata recommends using the tdgssauth tool. Documentation for tdsbind is removed in release 17.20.
- The SASL/DIGEST-MD5 authentication protocol used by LDAP was deprecated in release 17.10 and must not be used. Use simple binding with TLS protection instead. Documentation for SASL/DIGEST-MD5 is removed in release 17.20.
- New -n option for tlsutil and nodenames. This option prevents DNS lookup of database names. It is intended for provisioning cloud-based databases. See tlsutil and nodenames Utility.
- Teradata Unity was discontinued as of version 17.05. Use Business Continuity Manager instead.
- The SASL/DIGEST-MD5 authentication protocol used by LDAP is deprecated. Teradata strongly recommends you stop using SASL/DIGEST-MD5, and instead use simple binding with TLS protection.
- TDNEGO now supports JWT (JSON web token) authentication.
- New LDAP Mechanism property: LdapServicePasswordFile. Allows you to provide an encrypted list of passwords in an editable file, which enables switching LDAP passwords without requiring a database restart.