16.10 - LdapClientTlsReqCert - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

The LdapClientTlsReqCert property specifies what checks to perform on directory server certificates (if any), in a TLS-protected session. This property is required when Teradata Database authenticates the directory server.

Valid Settings

Setting Description
never (default) The database does not require the directory server to provide a certificate, even if CA Certs or CRLs are configured.
allow Teradata Database asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection proceeds normally.
try Teradata Database asks the directory server for a certificate. If the directory server:
  • Does not provide a certificate, the connection proceeds normally
  • Provides an invalid certificate, the connection terminates.
demand Teradata Database asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection terminates.

Supporting Mechanisms for LdapClientTlsReqCert

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
Mechanism Property Editable?
KRB5 May Be Edited
LDAP
To set a value, you must manually add this property to the TdgssUserConfigFile.xml for the needed mechanisms. See About Editing Configuration Files.

Editing Guidelines