16.10 - Setting Up Directory Authentication - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K
  1. Verify that the database contains a username that matches the username of each directory user that requires access to the database. Create additional database users where required. See Creating Users and Granting Privileges.
  2. Enable external authentication in the database. See About External Authentication Controls.
    • For the Teradata nodes with gateway installed, run:
      gtwcontrol -a ON
    • And, on all Teradata nodes, run dbscontrol and enter: m g 26 0
      dbscontrol m g 26 0
  3. Grant external authentication privileges to the matching database users. See About External Authentication Requirements.
  4. Configure the LDAP mechanism in the TdgssUserConfigFile.xml using the following property values. Run dumpcfg to view the configuration.
    • MechanismEnabled = “yes” (the default)
    • AuthorizationSupported =”no”
  5. If the properties need to be modified, edit the TdgssUserConfigFile.xml and enable the new configuration on all systems.
  6. Set the LDAP mechanism as the default on all clients that use LDAP authentication, or instruct users to specify the LDAP mechanism in the logon string.
  7. Use the logon format shown for LDAP authentication. See Logging on Using Sign-on As.