- Supported Teradata Tools and Utilities UNIX clients, except IBM z/OS clients, support Kerberos authentication. See Installing and Configuring Kerberos.
- TeraGSS is now embedded in client drivers eliminating TeraGSS installation and configuration, so client configuration information has been removed throughout the book. If there is a need to configure TeraGSS on a client, see Teradata GSS Administrative Package, although we recommend not configuring TeraGSS on the clients.
- Unity now uses TDGSS instead of TeraGSS. The Unity chapter has been removed from this book. For information about Unity, see Teradata Unity Installation, Configuration, and Upgrade Guide for Customers (B035-2523) and Teradata Unity User Guide (B035-2520).
- The steps are corrected in Editing TdgssUserConfigFile.xml for Service Binds.
- Privileges information is updated for Teradata Database MAPS architecture (MAPS). See Privilege Dictionary.
- The gateway log can be configured to log the security level used by a session and also log subsequent changes to that security level. This feature is enabled in a new gtwcontrol option. See Using Network Encryption Auditing.
- Updated Using External Monitoring Software.
Optional configuration for channel bindings to increase security between Teradata Database and Unity servers. See TDGSS Channel Binding.
tdgssauth is a new tool for testing TDGSS security mechanisms on Teradata Database nodes and Unity servers. It tests that LDAP, Kerberos, and TDNEGO configurations are valid before bringing them live. tdgssauth can be used instead of tdsbind. See Working with tdgssauth.
TDNEGO now supports JDBC and Windows .NET clients. See Logging on Using Teradata Negotiating (TDNEGO).
Link-local IP addresses are blocked from connecting to the database when Release 16.0 is installed. If ipfilters were used before the installation, link-local IP addresses are allowed. To modify the settings, see Link-local IP Addresses.
Triggers are now allowed to reference Row Level Security (RLS) tables. For information about triggers, see
SQL Data Definition Language - Syntax and Examples, B035-1144. For information about RLS-protected tables, see Implementing Row Level Security.
Added a -sha option to the genselfsignedcert tool to allow users to specify the secure hash algorithm (SHA, SHA-1, SHA-224, SHA-256, SHA-384, or SHA-512) when generating certificates. The default is SHA-512 if the option is not specified.
- Unity Director is now called Teradata Unity or Unity.
Added information about DATASET SCHEMA privileges. See Privilege Dictionary.
The Lightweight LDAP Authorization feature allows customers to utilize their existing directory service to authorize Teradata Database users without modifying their directory to include Teradata-specific schema, structures, or entries. Lightweight LDAP Authorizations maps Teradata external roles to existing directory groups. See Option 4: Lightweight LDAP Authorizations.