Securing passwords in Fastload, Multiload, etc in UNIX

Tools
Enthusiast

Securing passwords in Fastload, Multiload, etc in UNIX

We have just had Teradata Tools and Utilities loaded to our test UNIX (AIX) environment. We can run Fastload, Multiload and FastExport scripts successfully using such command line entries as
fastload < script.fastload
but want to avoid having logons and passwords in the script when we set up jobs for batch running in production. Please can you tell me how to do this? I am an Oracle (SQL+ and PL/SQL) developer with limited Unix knowledge. I have got this far using Teradata manuals.

Many thanks,

Susan
2 REPLIES
Teradata Employee

Re: Securing passwords in Fastload, Multiload, etc in UNIX

In ascending level of difficulty:

You can put the LOGON statement in a separate file and use .RUN command in your scripts to invoke it.

You can implement a CLI Logon User Exit (C program) to intercept and modify the LOGON request before it is submitted to the DBMS.

You can implement external authentication (e.g. Kerberos or LDAP). That requires configuration changes on both the "client" and the gateway on DBMS nodes, as documented in the Security Administration manual.
Enthusiast

Re: Securing passwords in Fastload, Multiload, etc in UNIX

I replaced the logon and password in the script with .run logon.txt where the file logon.txt contained the logon and password and it worked with no problem. I am now asking our UNIX people how the logon.txt file can be secured so it can only be read by the unix logon running our production jobs. I can't imagine that should be too difficult as it is standard UNIX stuff. The only issue I can think of is if we cannot obtain our production password to populate that file initially.

Thank you very much for your help,

Susan