TDPLGUX Operation - Teradata Director Program

Teradata® Director Program Reference

Product
Teradata Director Program
Release Number
17.00
Published
June 2020
Language
English (United States)
Last Update
2020-06-18
dita:mapPath
pxm1544831938750.ditamap
dita:ditavalPath
obe1474387269547.ditaval
dita:id
B035-2416
lifecycle
previous
Product Category
Teradata Tools and Utilities
TDPGLUX processes three types of calls:
  • Initialization
  • Logon requests
  • Terminate

The exit is initialized when an ENABLE LGUX command is executed. During initialization, TDPLGUX obtains a work area, opens files, and so on.

A logon request is passed to the TDPLGUX before the request is allowed to continue.

When a logon request call is made to TDPLGUX, it is processed in the following manner.

  1. TDP builds and passes a parameter list to TDPLGUX. This parameter list consists of:
    • TDP information
    • Requestor information
    • Time stamps
    • Timing precision
    • Parameter data from TDPUAX (User Address Space Exit) (z/OS or VOS3 only)
    • Logon information
    • Modify the default SECLOGON class.

    The TDP identifier and separating slash that CLIv2 allows as a prefix to the Logon String, and the ending semicolon character, are removed by CLIv2, so are not present within the exit.

  2. After the user routine processes the parameter data, the exit can:
    • Reject or accept the logon string.
    • Validate the logon string (if it contains only a user id).
    • If TDP has authenticated the database system userid, provide a logon string.
    • Determine if the logon string has already been validated by TDPUAX (z/OS or VOS3 only).
    • Modify the logon string. If the logon string is to be modified, the exit is passed the location and length of the logon string in the parameter list.)

    When TDP has authenticated the userid, the database requires that both the Logical-host on which TDP resides and the userid both have been granted the right to logon “with null password”. This is accomplished for a particular userid by the SQL GRANT LOGON ON <Logical-host id> TO USERID <userid> WITH NULL PASSWORD or for all userids by the SQL GRANT LOGON ON <Logical-host id> AS DEFAULT WITH NULL PASSWORD.

    While database system userids must be defined with a password, the password is ignored when TDP has authenticated the userid. Since it is ignored, an expired password will not prevent a logon when TDP has authenticated the userid, though it prevents a logon when TDP has not authenticated that userid, since the password is used.

  3. If the logon request is accepted, TDPLGUX sends a return code of zero.

    If the logon request is rejected, TDPLGUX sends a nonzero return code and the violation is reported to the security exit.

For an example of coding TDPLGUX, refer to the sample TDPLGUX that is shipped with TDP.

The parameter list is described by the TDPLGPRM macro, which is distributed with the product.