Authentication is the indisputable establishment of identities between two mutually suspicious parties when faced with adversaries with a malicious intent. In other words, authentication answers a very simple question: Who are you?
In research literature, authentication is defined as a proof of authenticity; it determines if the source of a message is genuine. Authentication says nothing about capabilities; that is, it does not determine if a source has the right to access certain resources within the destination.
- Conventional Teradata Mechanism – consists of a username and a password, which are validated by the database during logon. This is sometimes referred to as CSO.
- SSO – the system is trusted, and the user is logged on without providing a username and password. The user's identity, which is obtained through a network or domain login, is transmitted to the database and verified.
SSO is only supported when the server is running Windows and the client running a Windows or Apple macOS version supporting SSPI. SSO is supported using Kerberos as the authentication mechanism.
The Extensible User Authentication feature expands these authentication mechanisms to include LDAP, Teradata-defined, and other user-defined mechanisms. It also provides support for Kerberos on all platforms that support Kerberos.