17.10 - Using Sign-on As with Teradata Authorization - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Publication ID
English (United States)
After the external agent authenticates the user, it passes the external user name to the database for authorization, based on the access privileges available to the matching database username.
  • Enable external authentication in the database. See External Authentication Controls.
  • At logon, the user must specify a mechanism that corresponds to the agent that does the authentication, from among the following mechanisms:
    • KRB5
    • SPNEGO (not available for ODBC-based applications)
    • LDAP
    Sign-on As using Kerberos authentication (KRB5 or SPNEGO mechanism) is usable only from Windows clients.
  • Set the AuthorizationSupported property for the authenticating mechanism to no.
    This setting ignores any directory mappings that may exist for the user.
  • The logon username must match a Teradata Vantage username that has WITH NULL PASSWORD privileges. See External Authentication Requirements.