16.20 - External Authentication - Parallel Transporter

Teradata® Parallel Transporter User Guide

Product
Parallel Transporter
Release Number
16.20
Published
August 2020
Language
English (United States)
Last Update
2020-08-27
dita:mapPath
uah1527114222342.ditamap
dita:ditavalPath
Audience_PDF_product_tpt_userguide_include.ditaval

In some cases the user name in a job script must be authenticated by an agent external to the Teradata Database, such as Kerberos or Active Directory. External authentication is only available for jobs launched from network-attached clients. It requires special setup.

Do not use external authentication to log on with a Teradata PT job script until you understand the associated setup and logon requirements, as shown in Security Administration (B035-1100).

Specify security attributes for external authentication as follows:

Security Attribute Description Strategy
UserName The name used to log on to the network prior to launching the job script. Optional:
  • For single sign-on: The user name employed for the initial network logon must match a user name defined in the Teradata Database. No additional user name and password information is required.
  • For other external authentication methods (for example, LDAP or Kerberos), specify the user name and password values in one of the following ways:
    • As values for the UserName and UserPassword attributes, except for logons that require use of LogonMechData (see below).
    • As the value for the LogMechData attribute.
Do not declare the UserName or UserPassword attributes if you plan to enter user name and password data in LogonMechData.
UserPassword The network password (not the Teradata Database password) associated with the UserName)
TdpId Identifies the connection to the Teradata Database Optional

If you don't specify a TdpId, the system will use the default TdpId, as defined in the Teradata Client clispb.dat. Specify either:

  • For mainframe-attached clients, specify the identity of the Teradata Director Program through which Teradata PT connects to the database. For example: TDP6
  • For network-attached clients, specify the name of the interface to the Teradata Database system, or logical host group. For example: cs4400S3
LogonMech The security mechanism that authenticate the user.

Similar to the .logmech statement in a Teradata Database logon string.

Required unless the external authentication mechanism is the default.

Choose among the following, depending on authentication method.

  • Use LDAP for directory sign-on
  • Use KRB5 or NTLM for single sign-on and sign-on as logons.
LogonMechData Data required by external authentication mechanisms to complete the logon.

Similar to the .logdata statement in a Teradata Database logon string.

Optional

LogonMechData contains the user name, password, and in some cases, other information.

Entering user credential information in LogonMechData is required for all logons that specify profile=profilename or user=username, to differentiate among multiple applicable profiles or users.

Do not declare the LogonMechData attribute if you plan to enter user name and password data in UserName and UserPassword.