16.20 - Authentication - ODBC Driver for Teradata

ODBC Driver for Teradata® User Guide

ODBC Driver for Teradata
August 2020
User Guide

Authentication is the indisputable establishment of identities between two mutually suspicious parties when faced with adversaries with a malicious intent. In other words, authentication answers a very simple question: Who are you?

In research literature, authentication is defined as a proof of authenticity; it determines if the source of a message is genuine. Authentication says nothing about capabilities; that is, it does not determine if a source has the right to access certain resources within the destination.

User authentication in Teradata Database using ODBC Driver for Teradata uses the following mechanisms:
  • Conventional Teradata Mechanism – consists of a username and a password, which are validated by the database during logon. This is sometimes referred to as CSO.
  • SSO – the system is trusted, and the user is logged on without providing a username and password. The user's identity, which is obtained through a network or domain login, is transmitted to Teradata and verified.

    SSO is only supported when the server is running Windows and the client running a Windows or Apple OS X version supporting SSPI. SSO is supported using Kerberos as the authentication mechanism.

The Extensible User Authentication feature expands these authentication mechanisms to include LDAP, Teradata-defined, and other user-defined mechanisms. It also provides support for Kerberos on all platforms that support Kerberos.