16.10 - Using Sign-on As with Teradata Database Authorization - Teradata Database

Teradata Database Security Administration

Product: Teradata Database
Release: 16.10
Created: June 2017
Category: Administration, Security
featnum: B035-1100-161K

After the external agent authenticates the user, it passes the external username to the database, which authorizes the user based on the access privileges available to the matching database username.

  • Enable external authentication in the database. See About External Authentication Controls.
  • At logon, the user must specify the mechanism that corresponds to the agent that does the authentication, chosen from the following:
    • KRB5
    • SPNEGO (not available for ODBC-based applications)
    • LDAP
    Sign-on As using Kerberos authentication (KRB5 or SPNEGO mechanism) is usable only from Windows clients.
  • Set the AuthorizationSupported property for the authenticating mechanism to no.
    With this setting, any directory mappings that may exist for the user are ignored.
  • The logon username must match a Teradata Database username that has WITH NULL PASSWORD privileges. See About External Authentication Requirements.
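
The requirements above can be checked together before a logon is attempted. The following is an added example, not part of the Teradata documentation: the XML layout of the mechanism configuration, the sample values, and the function and parameter names are assumptions made for illustration; only the mechanism names, the AuthorizationSupported property, and the WITH NULL PASSWORD requirement come from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element/attribute layout is an assumption; only the
# AuthorizationSupported property name and the mechanism names are from the page.
SAMPLE_CONFIG = """
<Mechanisms>
  <Mechanism Name="ldap"><MechanismProperties AuthorizationSupported="no"/></Mechanism>
  <Mechanism Name="KRB5"><MechanismProperties AuthorizationSupported="yes"/></Mechanism>
  <Mechanism Name="SPNEGO"><MechanismProperties AuthorizationSupported="no"/></Mechanism>
</Mechanisms>
"""

KERBEROS = {"KRB5", "SPNEGO"}
ALLOWED = KERBEROS | {"LDAP"}

def authorization_supported(config_xml):
    """Map mechanism name (upper case) -> AuthorizationSupported value (lower case)."""
    root = ET.fromstring(config_xml)
    return {m.get("Name", "").upper():
            m.find("MechanismProperties").get("AuthorizationSupported", "").lower()
            for m in root.iter("Mechanism")
            if m.find("MechanismProperties") is not None}

def sign_on_as_problems(config_xml, mech, username, null_pw_users,
                        client_os, via_odbc=False, ext_auth_enabled=True):
    """Return the unmet Sign-on As requirements for one planned logon."""
    mech, problems = mech.upper(), []
    if not ext_auth_enabled:
        problems.append("external authentication is not enabled")
    if mech not in ALLOWED:
        return problems + [f"{mech} is not KRB5, SPNEGO or LDAP"]
    if mech in KERBEROS and client_os.lower() != "windows":
        problems.append(f"{mech} Sign-on As needs a Windows client")
    if mech == "SPNEGO" and via_odbc:
        problems.append("SPNEGO is not available for ODBC-based applications")
    if authorization_supported(config_xml).get(mech) != "no":
        problems.append(f"AuthorizationSupported is not 'no' for {mech}")
    # Assumption: database usernames compare case-insensitively.
    if username.casefold() not in {u.casefold() for u in null_pw_users}:
        problems.append(f"{username} has no WITH NULL PASSWORD logon privilege")
    return problems
```

An empty list means every requirement listed above is met for that logon; `null_pw_users` is expected to come from the site's own inventory of users granted logon WITH NULL PASSWORD.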