15.10 - External Authentication - Parallel Transporter

Teradata Parallel Transporter User Guide

prodname
Parallel Transporter
vrm_release
15.10
category
User Guide
featnum
B035-2445-035K

External Authentication

In some cases the user name in a job script must be authenticated by an agent external to the Teradata Database, such as Kerberos or Active Directory. External authentication is only available for jobs launched from network-attached clients. It requires special setup.

Note: Do not use external authentication to log on with a Teradata PT job script until you understand the associated setup and logon requirements, as shown in Security Administration.

Specify security attributes for external authentication as follows:

 

Security Attribute

Description

Strategy

UserName

The name used to log on to the network prior to launching the job script.

Optional:

  • For single sign-on: The user name employed for the initial network logon must match a user name defined in the Teradata Database. No additional user name and password information is required.
  • For other external authentication methods (for example, LDAP or Kerberos), specify the user name and password values in one of the following ways:
  • As values for the UserName and UserPassword attributes, except for logons that require use of LogonMechData (see below).
  • As the value for the LogMechData attribute.
  • Note: Do not declare the UserName or UserPassword attributes if you plan to enter user name and password data in LogonMechData.

    UserPassword

    The network password (not the Teradata Database password) associated with the UserName)

    TdpId

    Identifies the connection to the Teradata Database

    Optional

    If you don't specify a TdpId, the system will use the default TdpId, as defined in the Teradata Client clispb.dat. Specify either:

  • For mainframe-attached clients, specify the identity of the Teradata Director Program through which Teradata PT connects to the database. For example: TDP6
  • For network-attached clients, specify the name of the interface to the Teradata Database system, or logical host group. For example:
  • cs4400S3

    LogonMech

    The security mechanism that authenticate the user.

    Similar to the .logmech statement in a Teradata Database logon string.

    Required unless the external authentication mechanism is the default.

    Choose among the following, depending on authentication method.

  • Use LDAP for directory sign-on
  • Use KRB5 or NTLM for single sign-on and sign-on as logons.
  • LogonMechData

    Data required by external authentication mechanisms to complete the logon.

    Similar to the .logdata statement in a Teradata Database logon string.

    Optional

    LogonMechData contains the user name, password, and in some cases, other information.

    Entering user credential information in LogonMechData is required for all logons that specify profile=profilename or user=username, to differentiate among multiple applicable profiles or users.

    Note: Do not declare the LogonMechData attribute if you plan to enter user name and password data in UserName and UserPassword.