Working with tdgssauth | Teradata Vantage - Working with tdgssauth - Analytics Database

Working with tdgssauth | Teradata Vantage - Working with tdgssauth - Analytics Database - Teradata Vantage

Security Administration

Deployment

VantageCloud

VantageCore

Edition

Enterprise

IntelliFlex

VMware

Product

Analytics Database

Teradata Vantage

Release Number

17.20

Published

June 2022

Language

English (United States)

Last Update

2024-04-05

dita:mapPath

hjo1628096075471.ditamap

dita:ditavalPath

qkf1628213546010.ditaval

dita:id

zuy1472246340572

lifecycle

latest

Product Category

Teradata Vantage™

The tdgssauth standalone tool is used to test TDGSS security mechanism configurations on Teradata Vantage nodes. tdgssauth is used to test and correct authentication, authorization, and policy failures offline:

tdgssauth is used offline to minimize the number of server TPA resets when bringing external authentication deployments and configuration fixes active.
tdgssauth tests the following mechanisms: TD2, LDAP, Kerberos, and TDNEGO.

This tool makes use of TDGSS itself to establish a pair of security contexts based on the user's input options. One context is established to simulate the client side of a secured connection. The other context simulates the server side of a secured connection.

Once the contexts are established, the server's context is probed to determine the outcome of the authentication attempt. The user's authentication properties are acquired and displayed in human readable form. The user's name is then used to probe security policy and the results of the probe are also displayed in human readable form.

The tool can also exercise confidentiality and integrity services offered by TDGSS. Exercising these services is controlled from security policy and from command line options.

You can use tdgssauth to:

Verify a permanent user's authentication and authorization properties using LDAP. See Example: tdgssauth Verifying a Permanent User Authentication and Authorization Properties.
Verify an unmapped directory user. See Example: tdgssauth Verifying an Unmapped User Authentication and Authorization Parameters Using LDAP.
Verify a mapped directory user. See Example: tdgssauth Verifying a Mapped User Parameters Using LDAP.
Verify a database users' security properties using TD2. See Example: tdgssauth Verifying a Database User Security Properties Using TD2.
Debug LDAP. See Example: tdgssauth Debugging LDAP.
Debug Kerberos. See Example: Using tdgssauth to Debug Kerberos.
Check directory users for applicable IP access restrictions, based on mappings to database users. See Testing Directory-Based IP Restrictions
You can also use tdgssauth to test other setup parameters See:
- Testing XML-Based IP Restrictions
- Testing Directory-Based IP Restrictions
- The testing step for each operation system dependent configuration change procedure in Making Changes to TdgssUserConfigFile.xml on Database Nodes.