The LdapClientTlsReqCert property specifies which checks, if any, to perform on the directory server certificate in a TLS-protected session. This property is required when Teradata Database authenticates the directory server.
| Value | Description |
|---|---|
| never (default) | The database does not require the directory server to provide a certificate, even if CA Certs or CRLs are configured. |
| allow | Teradata Database asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection proceeds normally. |
| try | Teradata Database asks the directory server for a certificate. If the directory server: |
| demand | Teradata Database asks the directory server for a certificate. If it does not provide a certificate, or if it provides an invalid certificate, the connection terminates. |
Supporting Mechanisms for LdapClientTlsReqCert
Mechanisms that are not listed in the table do not support this property. The Property Editable column indicates if the setting for a property may be edited.
| Mechanism | Property Editable |
|---|---|
| KRB5 | May Be Edited |
To set a value, you must manually add this property to the TdgssUserConfigFile.xml for the needed mechanisms. See About Editing Configuration Files.
- Edit this property on the database and on Unity, if used. Also see Coordinating Mechanism Property Values for Unity.
- This property is required for optional certificate chain verification. For information, see Verifying the Directory Server Certificate Chain.
- Although you can configure this property only in the LDAP mechanism, the effects apply to all external authentication mechanisms.
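
Because the default value is never, a mechanism that omits the property performs no certificate check at all. The following audit script is an added example, not Teradata code: it reports the effective LdapClientTlsReqCert value for each mechanism in a TdgssUserConfigFile.xml-style file. The `Mechanism`/`MechanismProperties` element layout, the `example_mech` name, and the sample file contents are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

PROP = "LdapClientTlsReqCert"
DEFAULT = "never"  # default stated in the value table on this page

# Verdicts follow the value table. Its "try" row is cut off on this page,
# so "try" is sent to manual review instead of being classified here.
VERDICTS = {
    "never": ("WEAK", "no directory server certificate is required"),
    "allow": ("WEAK", "a missing or invalid certificate is accepted"),
    "try": ("REVIEW", "check the product documentation for this value"),
    "demand": ("STRICT", "a missing or invalid certificate ends the connection"),
}

# Constructed sample. The Mechanism/MechanismProperties layout and the
# "example_mech" name are assumptions, not copied from a real file.
SAMPLE = """\
<Config>
  <Mechanism Name="ldap">
    <MechanismProperties LdapClientTlsReqCert="allow"/>
  </Mechanism>
  <Mechanism Name="KRB5">
    <MechanismProperties/>
  </Mechanism>
  <Mechanism Name="example_mech">
    <MechanismProperties LdapClientTlsReqCert="demnad"/>
  </Mechanism>
</Config>
"""


def audit(xml_text):
    """Return (mechanism, effective value, verdict, reason) per Mechanism."""
    findings = []
    for mech in ET.fromstring(xml_text).iter("Mechanism"):
        name = mech.get("Name", "<unnamed>")
        # Accept the property on the Mechanism element or any descendant.
        explicit = [e.get(PROP) for e in mech.iter() if e.get(PROP) is not None]
        value = explicit[0] if explicit else DEFAULT
        verdict, reason = VERDICTS.get(value, ("UNKNOWN", "not a listed value"))
        if not explicit:
            reason += " (property absent, default applies)"
        findings.append((name, value, verdict, reason))
    return findings


if __name__ == "__main__":
    for name, value, verdict, reason in audit(SAMPLE):
        print(f"{verdict:7} {name:12} {PROP}={value}: {reason}")
```

Run it against the copy of the file on the database and on Unity, if used, since the page requires the property to be edited in both places.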