16.10 - About SSL and TLS Protection - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

SSL/TLS protection encrypts the directory user ID and password during a bind to an LDAPv3-compliant directory, to prevent man-in-the-middle attacks and other security threats.

Teradata recommends SSL or TLS protection when:

  • LDAP authentication uses simple binding.
  • Kerberos authenticates users, while the directory authorizes user privileges in the database, resulting an automatic service bind (a type of simple bind).

You can configure LDAP protection properties in the LDAP, Kerberos, and SPNEGO mechanisms on Teradata Database nodes and on the Unity server, if the AuthorizationSupported property is set to yes. Also see LDAP Protection Properties.

If you implement SSL or TLS protection you should check, and if necessary reset, the AllowUnsafeServerConnection property in each mechanism that you configure for protection, to ensure optimal database operation with directories that supports IETF RFC 5746. See LdapAllowUnsafeServerConnect.

You can also use SSL and TLS protection on systems that use DIGEST-MD5 binding. See Using SSL and TLS Protection for DIGEST-MD5 Binding.

For configuration requirements when authentication is set for multiple directory services, see Creating the <LdapConfig> Section in the TdgssUserConfigFile.xml.