After the external agent authenticates the user, it passes the external user name to the database for authorization, based on the access privileges available to the matching database username.
- Enable external authentication in the database. See External Authentication Controls.
- At logon, the user must specify a mechanism that corresponds to the agent that does the authentication, from the following mechanisms:
- KRB5
- SPNEGO (not available for ODBC-based applications)
- LDAP
Sign-on As using Kerberos authentication (KRB5 or SPNEGO mechanism) is usable only from Windows clients. - Set the AuthorizationSupported property for the authenticating mechanism to no. This setting ignores any directory mappings that may exist for the user.
- Ensure that the logon username matches a Teradata Vantage username that has WITH NULL PASSWORD privileges. See External Authentication Requirements.