Single Sign-On - Call-Level Interface Version 2

Teradata Call-Level Interface Version 2 Reference for Workstation-Attached Systems

Product: Call-Level Interface Version 2
Release Number: 16.10
Published: May 2017
Language: English (United States)
Last Update: 2018-05-01
dita:id: B035-2418
lifecycle: previous
Product Category: Teradata Tools and Utilities

Single Sign-On (SSO) is available only in the Windows environment. This feature has two modes of operation:
  • Direct sign-on
  • Third-party sign-on

Direct Sign-On

Direct sign-on permits a user to log on to a Teradata Database without providing a user name and password; an account string may or may not be necessary. The Windows user identity must match the Teradata username, and the username must have previously been granted the logon with null password privilege.

Third-Party Sign-On

Third-party sign-on is designed for use by application servers that log on to a Teradata Database on behalf of a user through an API. Third-party sign-on requires that a user supply a username, password, and, possibly, a domain name to the application server. As with direct sign-on, the username must have previously been granted the logon with null password privilege.

A Logon parcel that does not contain a userid and a password will be interpreted as an SSO logon.

For direct sign-on SSO to work correctly, the GUILOGON environment variable must be set to NO. Otherwise, CLI will display the GUILOGON dialog box.

For more information, see “Creating A User for Single Sign-On” and “LOGON Statement” in SQL Fundamentals (B035-1141) and “Single Sign-On” in the Utilities manual (B035-1102).

Encrypted Logon

If encryption support is switched on at the server (gateway), then CLI will send the logon string in encrypted form. Logon encryption is handled transparently by CLI; applications cannot control it.