16.10 - Setting Up Directory Authentication - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)
  1. Verify that the database contains a username that matches the username of each directory user that requires access to the database. Create additional database users where required. See Creating Users and Granting Privileges.
  2. Enable external authentication in the database. See About External Authentication Controls.
    • For the Teradata nodes with gateway installed, run:
      gtwcontrol -a ON
    • And, on all Teradata nodes, run dbscontrol and enter: m g 26 0
      dbscontrol m g 26 0
  3. Grant external authentication privileges to the matching database users. See About External Authentication Requirements.
  4. Configure the LDAP mechanism in the TdgssUserConfigFile.xml using the following property values. Run dumpcfg to view the configuration.
    • MechanismEnabled = “yes” (the default)
    • AuthorizationSupported =”no”
  5. If the properties need to be modified, edit the TdgssUserConfigFile.xml and enable the new configuration on all systems.
  6. Set the LDAP mechanism as the default on all clients that use LDAP authentication, or instruct users to specify the LDAP mechanism in the logon string.
  7. Use the logon format shown for LDAP authentication. See Logging on Using Sign-on As.