Sample Configuration for Mutual Authentication - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2024-04-05
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™

The following example shows a typical TdgssUserConfigFile.xml update to support TLS mutual authentication on the LDAP mechanism. Configuration of the KRB5 or SPNEGO mechanism is similar.

<Mechanism Name="ldap">
    <MechanismProperties
        ...
        LdapClientTlsCert="/opt/teradata/tdat/tdgss/site/ssl/certs/clientcert.pem"
        LdapClientTlsKey="/opt/teradata/tdat/tdgss/site/ssl/certs/clientkey.pem"
        />
</Mechanism>

After you add the client certificate and key to the TdgssUserConfigFile.xml and run the run_tdgssconfig utility in the TDGSS bin directory, you can test the setup with tdgssauth. See Working with tdgssauth.

Make sure to verify the configuration on each Vantage node. Failure to adequately test the configuration can result in loss of connectivity for Vantage clients using LDAP authentication.

After you verify the results, restart Teradata Vantage to enable the new configuration.