LOGMECH and LOGDATA - Basic Teradata Query - 16.20

Basic Teradata Query Reference

prodname
Basic Teradata Query
vrm_release
16.20
category
Programming Reference
featnum
B035-2414-108K

Purpose

LOGMECH:

This control enables users to specify the logon mechanism, such as NTLM, KRB5, LDAP or TD2, which defines the security context under which the established sessions will operate.

If the LOGMECH command is not used, or is used without specifying a logmech_name, the logon will proceed with using the default mechanism name indicated in the TeraGSS XML config file.

LOGDATA

This control enables users to specify a character string that is used to supply non-Teradata-managed user credentials to an external authentication mechanism.

If the LOGDATA command is used without a logdata_string, BTEQ resets the mechanism data string to NULL.

LOGMECH

Valid values for LOGMECH are a single mechanism name up to eight characters in length and not case-sensitive. The initial value for LOGMECH is eight spaces, which specifies the default mechanism. When the LOGMECH command is used without specifying a value, BTEQ sets LOGMECH to its initial default value.

Syntax for LOGMECH



where the following is true:

logmech_name
Defines the logon mechanism. For a discussion of supported logon mechanisms, see Security Administration (B035-1100).

The name is limited to eight characters; it is not case sensitive.

LOGDATA

For LOGDATA, valid values are a single mechanism data value up to 32000 bytes in length. When the LOGDATA command is used without specifying a value, BTEQ sets LOGDATA to its initial default value.

Syntax for LOGDATA



where the following is true:

logdata_string
Indicates the parameters for the logon mechanism (specified using the LOGMECH command). For information about the logon parameters for supported mechanisms, see Security Administration (B035-1100).

Usage Notes

Because the LOGDATA argument is considered sensitive information, BTEQ (in interactive mode) prompts for a value, which is specified in protected mode (keyboard entry is not displayed). The value cannot be supplied as an argument to the LOGDATA command.

The SHOW CONTROLS command does not display the LOGDATA setting.

For network-attached systems, you can use Teradata Wallet in order to keep your Teradata Database passwords private and not be exposed in scripts. For more information about using Teradata Wallet for the username and password entries in the LOGDATA command, see Security Administration (B035-1100).

For more information about using security mechanisms, see Security Administration (B035-1100).

Example – LOGDATA and LOGMECH

When using the LOGDATA and LOGMECH commands, they must precede the LOGON command. The LOGDATA and LOGMECH commands can occur in either order. The example below is for non-interactive mode use.

The following example demonstrates using the LOGDATA, LOGMECH, and LOGON commands in combination to specify the Windows logon authentication method and associated parameters:

.logmech NTLM;
.logdata joe@domain1@@mypassword;
.logon mydbs;