17.20 - TDNEGO Usage Constraints - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572

TDNEGO results in a mechanism other than TDNEGO being used, so the following applies:

  • A user must not be restricted to using only TDNEGO in the network security policy, because TDNEGO always selects another mechanism; the user must be allowed to use the selected mechanism, or else the logon is not allowed.
  • It is allowed, but not required, to add TDNEGO to the list of mechanisms a user is allowed to use; however, is recommended that TDNEGO not be specified as an allowed mechanism in the directory.
  • Concerning QOP and enforced network security policy, note that QOP is not supported by all mechanisms. TDNEGO is one of the mechanisms that does not support QOP. However, any QOP restrictions in the security policy for the mechanism selected by TDNEGO do apply. For example, if TDNEGO selects TD2, and the security policy requires the user to use high level encryption, then that will be enforced.