- Make sure users that will use this method:
- Are defined to Kerberos.
- Are defined in the directory in such a way that they can be located by an <Identity Map> or <Identity Search>. See Optimizing Directory Searches.
- Complete the setup tasks listed for Option 2: Directory Authentication and Authorization, with the following changes:
- Do not configure the LDAP mechanism, because it is not used for authentication.
- Copy the following mechanism properties from the LDAP mechanism in the TDGSS library configuration file, into the TdgssUserConfigFile.xml for the authentication mechanism, KRB5 or SPNEGO:
LdapServerName
Optional LDAP identifications properties, if needed. See Optimizing Directory Searches.Some identification properties do not apply to this option. - Because this option requires service binds, Teradata strongly recommends that you implement TLS protection. See Using TLS with a Directory Server.Non-LDAP authentication ignores the LdapClientMechanism property setting.
- Set the authentication mechanism (KRB5 or SPNEGO) as the default on all affected clients, or instruct users to specify the mechanism in the logon string.
- You can use either of the these logon forms: