Archives of the TeradataForum

Message Posted: Tue, 06 May 2003 @ 06:34:27 GMT


     


Subj:   Re: Single Sign On
 
From:   Prabhjot_Sodhi

Hi:

Single Sign On is a feature to log on to the RDBMS with your current NT/Win2K user id. I completely agree with Parag that it is provided by mutual consent between the Teradata Server and the client, and the feature is disabled on the server side by default. You have to follow some simple guidelines to enable it.

/************************************************************************/
     Imp: Use CLI version which has terrasso.dll.
     You need to authorize SSO in two places:
     1.  dbscontrol
            M GENERAL 26 = 0     which turns single sign-on on
            M GENERAL 26 = 1     which turns allows single sign-off
            M GENERAL 26 = 2     which requires only single sign-on
     2.  gtwcontrol
         Gtwcontrol will be modified to include the -a option that
         requires one of the following arguments:
            ON or on      indicating allow single sign-on if the dbs
                          allows single sign-on

            OFF or off    indicating single sign-on is not
                          allowed even if the dbs allows it

            ONLY or only  indicating only single sign-on is allowed.

These values can be individually set on each host group. The following command will require single sign-on for host group 1:

gtwcontrol -g 1 -a only
gtwcontrol -a ON

Gtwcontrol will add the -T option that toggles the "appenddomainname" option. This option controls whether the domain name of the user is appended to the username when logging on the user. If the W2k system administrator can guarantee that the Windows logon name is unique across all domains, then the "appenddomainname" does not need to be set. If that is not the case, then the "appenddomainname" flag should be turned on. By default, the "appenddomainname" flag will be set to ensure that security will not be breached by having a W2k user name like DBC default being allowed to logon using SSO by default.


  The following SQL commands create a database user corresponding to the Windows user rhh who can log on through a gateway which does not have the append domain name option set:  


      create user rhh as perm = 10000000, password=rhh;
      grant logon on all to rhh with null password;

  If the append domain option is set, the following commands will create the database user for the same Windows user whose account is in the esw2kdev domain.  


      create user "rhh@esw2kdev" as perm = 1e6, password=rhh;
      grant logon on all to "rhh@esw2kdev" with null password;

/************************************************************************/

After following the procedural steps, I suppose you can log on to the RDBMS with your Win2K/NT authentication.

Hope it helps. :-)


Regards,

Prabhjot.
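
The "appenddomainname" reasoning in the post above can be checked before SSO is enabled. The following is an added example, not part of the original post or of any Teradata tool: it maps Windows accounts to database user names the way the post describes (user, or user@domain) and reports accounts that would share one database user or land on a privileged one. The function names, the sample accounts and the case-insensitive name comparison are assumptions.

```python
from collections import defaultdict

# Constructed sample input: (domain, Windows logon name) pairs, not real accounts.
SAMPLE_ACCOUNTS = [
    ("esw2kdev", "rhh"),
    ("esw2kprod", "RHH"),
    ("esw2kdev", "dbc"),
    ("esw2kdev", "jsmith"),
]


def sso_db_name(domain, user, append_domain):
    """Database user name a Windows account maps to, per the naming in the post."""
    name = f"{user}@{domain}" if append_domain else user
    # Assumption: database user names compare case-insensitively.
    return name.upper()


def audit_sso_mapping(accounts, append_domain, privileged=("DBC",)):
    """Return (shared, privileged_hits) for the given appenddomainname setting.

    shared: db name -> sorted Windows accounts that would all log on as it.
    privileged_hits: Windows accounts whose mapped name is a privileged db user.
    """
    by_name = defaultdict(set)
    for domain, user in accounts:
        by_name[sso_db_name(domain, user, append_domain)].add(f"{domain}\\{user}")
    shared = {n: sorted(a) for n, a in by_name.items() if len(a) > 1}
    guarded = {p.upper() for p in privileged}
    hits = sorted(a for n, accts in by_name.items() if n in guarded for a in accts)
    return shared, hits


if __name__ == "__main__":
    for flag in (False, True):
        shared, hits = audit_sso_mapping(SAMPLE_ACCOUNTS, append_domain=flag)
        print(f"appenddomainname={'on' if flag else 'off'}")
        for name, accts in sorted(shared.items()):
            print(f"  {name} is shared by {', '.join(accts)}")
        for acct in hits:
            print(f"  {acct} maps to a privileged database user")
```

An empty result with the flag off is the uniqueness guarantee the post asks the W2k administrator to make; any finding means the flag should stay on.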



     
 
 
Copyright for the TeradataForum (TDATA-L), Manta BlueSky    
Copyright 2016 - All Rights Reserved    
Last Modified: 15 Jun 2023