The following explains logon terms used in the Single Sign-on example.
|mech_name||Required only if KRB5 is not used. Specify the SPNEGO mechanism for Kerberos authentication from a Windows .Net client.
If no mechanism and no user credentials are specified, the system assumes a single sign-on and authenticates with Kerberos.
|authorization_qualifier||Required if users are authorized by a directory, that is, the KRB5 mechanism has AuthorizationSupported=yes:
Individual specifications within the .logdata statement must be separated by white spaces.
If the matching directory user is mapped to multiple database users:
If the directory user is mapped to more than one database user, specify the user with the database privileges needed for the session in the form:
The database username can be either a database user or EXTUSER.
If the matching directory user is mapped to multiple profiles:
If the directory offers multiple realms:
Specify the realm as it appears in the directory, normally the fully qualified DNS name of the directory, for example:
The system processes realm information as follows:
|tdpid/||Required. The tdpid identifies the Teradata Database system, Unity server, or host group to which the logon, if successful, connects.|
|, ,||User credentials are not required for single sign-on.
The , , is required as a place holder for the user credentials only if an account string is specified. Otherwise commas are not needed.
|"account"||Optional. The account string must be enclosed in double quotation marks. For information on accounts, see Database Administration.|