17.10 - TDNEGO Negotiation - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Publication ID
English (United States)

TDNEGO is the only negotiating mechanism that Teradata Vantage supports. You can configure TDNEGO to choose from one or more logon authentication mechanisms for client access.

SPNEGO can be negotiated by TDNEGO for clients using Kerberos with the .NET framework.

TDGSS also allows you to set a non-negotiated mechanism, which is TD2 by default. The non-negotiated mechanism is tried if protocol negotiations fail. See information about the DefaultMechanism setting in the TdgssUserConfigFile.xml.

If the database server and the client cannot find a common mechanism, the logon request is denied, and the logon fails.

In most cases, negotiations are initiated by the client logon request. If the client dose not specify an authentication protocol, TDNEGO uses the default mechanism of the database server.

If you need to modify the TDNECO configuration, the best practice is to modify the configuration on the database server. If you must modify the TDNEGO configuration on the client, install the Teradata GSS Administrative Package on the client. For more information, see Teradata GSS Administrative Package.