After the external agent authenticates the user, it passes the external user name to the database for authorization, based on the access privileges available to the matching database username.
- Enable external authentication in the database. See About External Authentication Controls.
- At logon, the user must specify a mechanism that corresponds to the agent that does the authentication, from among the following mechanisms:
Sign-on As using Kerberos authentication (KRB5 or SPNEGO mechanism) is usable only from Windows clients.
- SPNEGO (not available for ODBC-based applications)
- Set the AuthorizationSupported property for the authenticating mechanism to no. This setting ignores any directory mappings that may exist for the user.
- The logon username must match a Teradata Database username that has WITH NULL PASSWORD privileges. See About External Authentication Requirements.