Purpose
LOGMECH:
This control enables users to specify the logon mechanism, such as NTLM, KRB5, LDAP or TD2, which defines the security context under which the established sessions will operate.
If the LOGMECH command is not used, or is used without specifying a logmech_name, the logon will proceed with using the default mechanism name indicated in the TeraGSS XML config file.
LOGDATA
This control enables users to specify a character string that is used to supply non-Teradata-managed user credentials to an external authentication mechanism.
If the LOGDATA command is used without a logdata_string, BTEQ resets the mechanism data string to NULL.
LOGMECH
Valid values for LOGMECH are a single mechanism name up to eight characters in length and not case-sensitive. The initial value for LOGMECH is eight spaces, which specifies the default mechanism. When the LOGMECH command is used without specifying a value, BTEQ sets LOGMECH to its initial default value.
where the following is true:
- logmech_name
- Defines the logon mechanism. For a discussion of supported logon mechanisms, see
Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.
The name is limited to eight characters; it is not case-sensitive.
LOGDATA
For LOGDATA, valid values are a single mechanism data value up to 32000 bytes in length. When the LOGDATA command is used without specifying a value, BTEQ sets LOGDATA to its initial default value.
where the following is true:
- logdata_string
- Indicates the parameters for the logon mechanism (specified using the LOGMECH command). For information about the logon parameters for supported mechanisms, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.
Usage Notes
Because the LOGDATA argument is considered sensitive information, BTEQ (in interactive mode) prompts for a value, which is specified in protected mode (keyboard entry is not displayed). The value cannot be supplied as an argument to the LOGDATA command.
The SHOW CONTROLS command does not display the LOGDATA setting.
For workstation-attached systems, you can use Teradata Wallet in order to keep your database user passwords private and not be exposed in scripts. For more information about using Teradata Wallet for the username and password entries in the LOGDATA command, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.
For more information about using security mechanisms, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.
Example – LOGDATA and LOGMECH
When using the LOGDATA and LOGMECH commands, they must precede the LOGON command. The LOGDATA and LOGMECH commands can occur in either order. The example below is for non-interactive mode use.
The following example demonstrates using the LOGDATA, LOGMECH, and LOGON commands in combination to specify the Windows logon authentication method and associated parameters:
.logmech NTLM; .logdata joe@domain1@@mypassword; .logon mydbs;