17.20 - Example: tdgssauth Verifying a Database User's Security Properties Using TD2 - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2023-03-07

The example shows how to verify a database user's security properties using the TD2 mechanism. Run:

tdgssauth -u userconfhigh -m td2 -i 198.51.100.20

The user name (-u) is specified the same way as in a bteq .logon command. The -m option specifies the logon mechanism to use (TD2 in this example). The -i option specifies the IP address from which the user will connect.

Result:

 1>       Status: not authenticated, not authorized
 2>     Actual mechanism employed: TD2 [OID 1.3.6.1.4.1.191.1.1012.1.1.9]
 3>
 4> Security context capabilities: replay detection
 5>                                out of sequence detection
 6>                                confidentiality
 7>                                integrity
 8>                                protection ready
 9>                                exportable security context
10>
11> Minimum quality of protection: 3 (High) with confidentiality and integrity
12>                       Options: none

The following explains the output from the command:

Line Number: Description

1> Status: not authenticated, not authorized
    The user has been neither authenticated nor authorized. There is only a security context.

    TD2 was used to establish the security context. TD2 does not authenticate, but instead requires the database to verify the user's name and password, so there is no prompt asking for the user's password.

2> Actual mechanism employed: TD2 [OID 1.3.6.1.4.1.191.1.1012.1.1.9]
    TD2 is the security mechanism.

4-9> Security context capabilities: replay detection, out of sequence detection ... exportable security context
    These lines show what a particular security context provides. The security context is the one established for the named user using the specified mechanism.

11> Minimum quality of protection: 3 (High) with confidentiality and integrity
    The minimum QoP that the user is required to use for the duration of the session. In this example, the user must use a high-strength confidentiality QoP.

12> Options: none
    The connection options in effect for this user. In this case, the word none indicates that this is a normal connection. This value may contain has-policy or no-direct-connect. has-policy means that the user must use only a plaintext connection to the database and is used for very specialized purposes. no-direct-connect means that the user is not permitted to connect directly to the database.
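The following added example (not part of the Teradata documentation or tooling) parses a captured tdgssauth report in the layout shown above and lists every deviation from an expected policy, so that the check can be repeated for many users. The function names, the policy defaults and the handling of multiple option values are assumptions of this example; the sample report is the output from this page.

```python
import re

# Report copied from the page's example run, including its "N>" line prefixes.
SAMPLE = """\
 1>       Status: not authenticated, not authorized
 2>     Actual mechanism employed: TD2 [OID 1.3.6.1.4.1.191.1.1012.1.1.9]
 3>
 4> Security context capabilities: replay detection
 5>                                out of sequence detection
 6>                                confidentiality
 7>                                integrity
 8>                                protection ready
 9>                                exportable security context
10>
11> Minimum quality of protection: 3 (High) with confidentiality and integrity
12>                       Options: none
"""
FIELD = re.compile(r"(Status|Actual mechanism employed|Security context capabilities"
                   r"|Minimum quality of protection|Options):\s*(.*)")

def parse_report(text):
    """Return {field: [values]}; unlabelled lines continue the previous field."""
    fields, last = {}, None
    for raw in text.splitlines():
        line = re.sub(r"^\s*\d+>", "", raw).strip()  # the "N>" prefix is optional
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2)]
        elif line and last:
            fields[last].append(line)
    return fields

def audit(text, mechanism="TD2", qop_label="High"):
    """Return a list of findings; an empty list means the report matches policy."""
    f, findings = parse_report(text), []
    mech = f.get("Actual mechanism employed", [""])[0].split(" ")[0]
    if mech != mechanism:
        findings.append(f"mechanism is {mech or 'missing'}, expected {mechanism}")
    qop = re.match(r"\d+ \((\w+)\)", f.get("Minimum quality of protection", [""])[0])
    if not qop or qop.group(1) != qop_label:
        findings.append(f"minimum QoP is not {qop_label}")
    caps = set(f.get("Security context capabilities", []))
    findings += [f"capability missing: {c}" for c in ("confidentiality", "integrity") if c not in caps]
    # Assumption: several option values would be separated by commas or spaces.
    # Anything other than "none" (has-policy, no-direct-connect) is not a normal connection.
    opts = set(re.split(r"[,\s]+", f.get("Options", ["none"])[0])) - {"none", ""}
    findings += [f"option set: {o}" for o in sorted(opts)]
    return findings
```
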