Single Sign-On - Call-Level Interface Version 2

Teradata® Call-Level Interface Version 2 Reference for Workstation-Attached Systems
Product
Call-Level Interface Version 2
Release Number
17.10
Published
October 2021
Language
English (United States)
Last Update
2021-11-02
dita:mapPath
ttt1608578409164.ditamap
dita:ditavalPath
obe1474387269547.ditaval
dita:id
B035-2418
lifecycle
previous
Product Category
Teradata Tools and Utilities
Single Sign-On (SSO) is available only in the Windows environment. This feature has two modes of operations:
  • Direct sign-on
  • Third-party sign-on

Direct Sign-On

Direct sign-on permits a user to log on to the database without providing a user name and password; an account string may or may not be necessary. The Windows user identity must match the Teradata username and the username must have previously been granted the logon with null password privilege.

Third-Party Sign-On

Third-party sign-on is designed for use by application servers that log on to the database on behalf of a user through an API. Third-party sign-on requires that a user supply a username, password, and, possibly, a domain name to the application server. As with direct sign-on, the username must have previously been granted the logon with null password privilege.

A Logon parcel that does not contain a userid and a password will be interpreted as an SSO logon.

For direct sign-on SSO to work correctly, the GUILOGON environment variable must be set to NO. Otherwise, CLI displays the GUILOGON dialog box.

For more information, see “Creating A User for Single Sign-On” and “LOGON Statement” in Teradata Vantage™ - SQL Fundamentals, B035-1141 and “Single Sign-On” in Teradata Vantage™ - Database Utilities, B035-1102.

Encrypted Logon

If encryption support is switched on at the server (gateway), then CLI sends the logon string in encrypted form. The process of logon encryption is abstracted from and cannot be controlled by the applications.