16.10 - LdapClientTlsReqCert - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

The LdapClientTlsReqCert property specifies what checks to perform on directory server certificates (if any), in a TLS-protected session. This property is required when Teradata Database authenticates the directory server.

Valid Settings

Setting Description
never (default) The database does not require the directory server to provide a certificate, even if CA Certs or CRLs are configured.
allow Teradata Database asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection proceeds normally.
try Teradata Database asks the directory server for a certificate. If the directory server:
  • Does not provide a certificate, the connection proceeds normally
  • Provides an invalid certificate, the connection terminates.
demand Teradata Database asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection terminates.

Supporting Mechanisms for LdapClientTlsReqCert

Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
Mechanism Property Editable?
KRB5 May Be Edited
LDAP
To set a value, you must manually add this property to the TdgssUserConfigFile.xml for the needed mechanisms. See About Editing Configuration Files.

Editing Guidelines