LOGMECH and LOGDATA BTEQ Commands | Basic Teradata Query - 17.00 - LOGMECH and LOGDATA - Basic Teradata Query

Basic Teradata® Query Reference

prodname
Basic Teradata Query
vrm_release
17.00
created_date
June 2020
category
Programming Reference
featnum
B035-2414-220K

Purpose

LOGMECH:

This control enables users to specify the logon mechanism, such as NTLM, KRB5, LDAP or TD2, which defines the security context under which the established sessions will operate.

If the LOGMECH command is not used, or is used without specifying a logmech_name, the logon will proceed with using the default mechanism name indicated in the TeraGSS XML config file.

LOGDATA

This control enables users to specify a character string that is used to supply non-Teradata-managed user credentials to an external authentication mechanism.

If the LOGDATA command is used without a logdata_string, BTEQ resets the mechanism data string to NULL.

LOGMECH

Valid values for LOGMECH are a single mechanism name up to eight characters in length and not case-sensitive. The initial value for LOGMECH is eight spaces, which specifies the default mechanism. When the LOGMECH command is used without specifying a value, BTEQ sets LOGMECH to its initial default value.

LOGMECH Syntax
LOGMECH syntax

where the following is true:

logmech_name
Defines the logon mechanism. For a discussion of supported logon mechanisms, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.

The name is limited to eight characters; it is not case-sensitive.

LOGDATA

For LOGDATA, valid values are a single mechanism data value up to 32000 bytes in length. When the LOGDATA command is used without specifying a value, BTEQ sets LOGDATA to its initial default value.

LOGDATA Syntax
LOGDATA Syntax

where the following is true:

logdata_string
Indicates the parameters for the logon mechanism (specified using the LOGMECH command). For information about the logon parameters for supported mechanisms, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.

Usage Notes

Because the LOGDATA argument is considered sensitive information, BTEQ (in interactive mode) prompts for a value, which is specified in protected mode (keyboard entry is not displayed). The value cannot be supplied as an argument to the LOGDATA command.

The SHOW CONTROLS command does not display the LOGDATA setting.

For workstation-attached systems, you can use Teradata Wallet in order to keep your database user passwords private and not be exposed in scripts. For more information about using Teradata Wallet for the username and password entries in the LOGDATA command, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.

For more information about using security mechanisms, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.

Example – LOGDATA and LOGMECH

When using the LOGDATA and LOGMECH commands, they must precede the LOGON command. The LOGDATA and LOGMECH commands can occur in either order. The example below is for non-interactive mode use.

The following example demonstrates using the LOGDATA, LOGMECH, and LOGON commands in combination to specify the Windows logon authentication method and associated parameters:

.logmech NTLM;
.logdata joe@domain1@@mypassword;
.logon mydbs;