To identify the method by which they will be authenticated, users must choose a security mechanism as part of the logon string. Security mechanisms also contain configurable properties for customizing user authentication and authorization. If a mechanism is not specified in the logon string, the system will use the default mechanism.
Two categories of authentication are available:
Teradata Database Authentication
Authentication by Teradata Database requires that the user and its privileges be defined in the database. Teradata Database authentication requires use of the TD2 mechanism, which is the default. Unless another mechanism has been set as the default, TD2 need not be specified at logon.
External Authentication
External authentication allows Teradata Database users to be authenticated by an agent running on the same network as Teradata Database and its clients.
External authentication is dependent upon two elements:
The following table shows the different types of external authentication logons.
Type |
Description |
Requirements |
Sign-on without resubmitting user credentials |
||
Single Sign-on |
Users are authenticated in the client domain. Subsequent logons to Teradata Database do not require them to resubmit a username and password. |
|
Sign-on with user credentials |
||
Directory Sign-on |
The user is authenticated by the directory. |
|
Sign-on As |
The user logs on to Teradata Database with a username and password recognizable by the client domain. |
|
For complete information on configuring external authentication and the mechanisms that support it, see Security Administration.