17.10 - Using Sign-on As with Teradata Authorization - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
zuy1472246340572
After the external agent authenticates the user, it passes the external user name to the database for authorization, based on the access privileges available to the matching database username.
  • Enable external authentication in the database. See External Authentication Controls.
  • At logon, the user must specify a mechanism that corresponds to the agent that does the authentication, from among the following mechanisms:
    • KRB5
    • SPNEGO (not available for ODBC-based applications)
    • LDAP
    Sign-on As using Kerberos authentication (KRB5 or SPNEGO mechanism) is usable only from Windows clients.
  • Set the AuthorizationSupported property for the authenticating mechanism to no.
    This setting ignores any directory mappings that may exist for the user.
  • The logon username must match a Teradata Vantage username that has WITH NULL PASSWORD privileges. See External Authentication Requirements.