The validated logon function allows applications to omit a password when logging on to the Teradata Database from mainframe-attached client systems. (Logon requests from network-attached systems always require a password.) This function is also supported by the TDPLGUX User Logon Exit interface and the TDPUAX Address Space Exit.
TDP security processing for validated logon requests can be handled by the security logon function, or by TDPLGUX or TDPUAX, or any combination of the three, depending on your system configuration.
Before any user can log onto the Teradata Database, the user name must be defined in the database. A typical user name definition would be:
CREATE USER SAMPUSER AS PERM=10000000 PASSWORD=MYPASSWORD;
This would define user name SAMPUSER with ten megabytes reserved for tables and associated data structures, and a logon password of MYPASSWORD. (The user definition must include a password, even if you intend to use the validated logon feature.)
With this definition, the user could log on to the Teradata Database by specifying the TDPid associated with the RDBMS, a user name of SAMPUSER, and a password of MYPASSWORD.
Before the user could omit the password from the logon string, per the validated logon function:
- The Teradata Database system administrator would have to grant logon access with a null password.
- The system security administrator would have to create the appropriate user resource profiles or access rules in the external security manager application database.
See the setup procedure in the following subsection for a complete description of these tasks.