External authentication allows Teradata Database users to be authenticated by an agent running on the same network as Teradata Database and its clients.
Teradata Database supports the following external authentication logon types:
- Single sign-on (authentication in the client domain; user credentials do not have to be resubmitted to Teradata Database). The Kerberos, NTLM, SPNEGO, and TDNEGO security mechanisms support Single Sign-on.
- Directory sign-on (authentication by the directory). The LDAP and TDNEGO security mechanisms support Directory Sign-on.
- Sign-on As (user logs on to Teradata Database with credentials the client also recognizes). The Kerberos (Windows only), LDAP, NTLM, SPNEGO, and TDNEGO security mechanisms support Sign-on As.
For complete information on authentication logon types and the mechanisms that support them, see Teradata Vantageā¢ - Advanced SQL Engine Security Administration, B035-1100.