- TDNEGO now supports JWT (JSON web token) authentication.
- New LdapServicePasswordFile property.
- The DIGEST-MD5 authentication protocol used by LDAP is deprecated.
- With the addition of JWT, Teradata Vantage now supports a greater variety of authentication protocols and mechanisms.
- The LdapServicePasswordFile property provides a way for you to change the LDAP service password without requiring a system restart.
- Because the DIGEST-MD5 protocol is considered insecure, Teradata will end support for it in a future release.
- If you use the LdapServicePasswordFile property, the LdapServicePassword and LdapServicePasswordProtected properties are ignored, and passwords are read exclusively from the password file.
- Passwords listed in the LDAP service password file must be encrypted using the tdspasswd command-line utility.
- Teradata strongly recommends you stop using DIGET-MD5, and instead use simple binding with TLS protection. A future release of Vantagewill remove support for DIGEST-MD5.
For more information about security, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.