例: ディレクトリユーザーのIPアクセス制限のテスト - Advanced SQL Engine

例: ディレクトリユーザーのIPアクセス制限のテスト - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engineセキュリティ管理ガイド

Product

Advanced SQL Engine

Teradata Database

Release Number

17.10

Published

2021年7月

Language

日本語

Last Update

2021-09-23

dita:mapPath

ja-JP/ppz1593203596223.ditamap

dita:ditavalPath

ja-JP/wrg1590696035526.ditaval

dita:id

B035-1100

Product Category

Software

Teradata Vantage

これらの例では、IPアドレスが141.206.35.87、141.206.35.88、および141.206.35.89のユーザーdjlをテストし、このユーザーが141.206.35.88からのログオンを許可されていないことを確認します。

$ tdgssauth -m ldap -u djl -i 141.206.35.87
TDGSS_BIN_FILE not set.
TDGSSCONFIG GDO used in tdgss.
Please enter a password: 
                        Status: authenticated, not authorized
                 Database user: perm01 [permanent user]
            Authenticated user: ldap://esroot.example.com:389/CN=djl,OU=people,OU=testing,DC=example,DC=com
        Audit trail identifier: djl
        Authenticating service: esroot1
     Actual mechanism employed: ldap [OID 1.3.6.1.4.1.191.1.1012.1.20]
       Mechanism specific data: djl

 Security context capabilities: replay detection
                                out of sequence detection
                                confidentiality
                                integrity
                                protection ready
                                exportable security context

 Minimum quality of protection: none
                       Options: none

この例では、出力の最後の行は、ログオンが拒否されたことを示します。

$ tdgssauth -m ldap -u djl -i 141.206.35.88
TDGSS_BIN_FILE not set.
TDGSSCONFIG GDO used in tdgss.
Please enter a password: 
                        Status: authenticated, not authorized
                 Database user: perm01 [permanent user]
            Authenticated user: ldap://esroot.example.com:389/CN=djl,OU=people,OU=testing,DC=example,DC=com
        Audit trail identifier: djl
        Authenticating service: esroot1
     Actual mechanism employed: ldap [OID 1.3.6.1.4.1.191.1.1012.1.20]
       Mechanism specific data: djl

 Security context capabilities: replay detection
                                out of sequence detection
                                confidentiality
                                integrity
                                protection ready
                                exportable security context


The TDGSS function tdgss_inquire_policy_for_user returned an error:
  Major status 0x000d0000 – Failure
  Minor status 0xe10000ed – The user is not permitted to log on from the IP address.

$ tdgssauth -m ldap -u djl -i 141.206.35.89
TDGSS_BIN_FILE not set.
TDGSSCONFIG GDO used in tdgss.
Please enter a password: 
                        Status: authenticated, not authorized
                 Database user: perm01 [permanent user]
            Authenticated user: ldap://esroot.example.com:389/CN=djl,OU=people,OU=testing,DC=example,DC=com
        Audit trail identifier: djl
        Authenticating service: esroot1
     Actual mechanism employed: ldap [OID 1.3.6.1.4.1.191.1.1012.1.20]
       Mechanism specific data: djl

 Security context capabilities: replay detection
                                out of sequence detection
                                confidentiality
                                integrity
                                protection ready
                                exportable security context

 Minimum quality of protection: none
                       Options: none