16.10 - Using Sign-on As with Teradata Database Authorization - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

After the external agent authenticates the user, it passes the external user name to the database for authorization, based on the access privileges available to the matching database username.

  • Enable external authentication in the database. See About External Authentication Controls.
  • At logon, the user must specify a mechanism that corresponds to the agent that does the authentication, from among the following mechanisms:
    • KRB5
    • SPNEGO (not available for ODBC-based applications)
    • LDAP
    Sign-on As using Kerberos authentication (KRB5 or SPNEGO mechanism) is usable only from Windows clients.
  • Set the AuthorizationSupported property for the authenticating mechanism to no.
    This setting ignores any directory mappings that may exist for the user.
  • The logon username must match a Teradata Database username that has WITH NULL PASSWORD privileges. See About External Authentication Requirements.