Using Single-Sign-On (SSO) in OLE DB Access Module

Tools
Tools covers the tools and utilities you use to work with Teradata and its supporting ecosystem. You'll find information on everything from the Teradata Eclipse plug-in to load/extract tools.
Teradata Employee

Using Single-Sign-On (SSO) in OLE DB Access Module

Benefits:

Enabling Single-Sign-On (SSO) feature in OLE DB Access Module adds several benefits. Some of them are:

  • Provides ease-of-use because the user need not remember and enter his password.
  • Provides security, because the password would not need to be stored in the .amj (Access Module Job) file when this is in effect. 
  • Changing the Teradata user password would not cause jobs based on the .amj to break.

 How to use:

In OleLoad (OLE DB Access Module GUI) dialog box, under “Teradata Connection Information” dialog box, an option is present to enable or disable this feature.

  • Open OleLoad GUI and select source/destination as “Teradata Database”.
  • A dialog box named “Teradata OleLoad - Teradata Connection Information” will appear.
  • Click the button “More>>” to show complete list of logon parameters for input. Ignore this step if “More>>” button is not visible.
  • The dialog box will looks similar to following screen captures. First screen capture shows before selecting SSO feature and second screen capture shows after selecting SSO feature.

  • Note that several logon parameters such as “User id”, “password”, “Mechanism parameters” are disabled when “Use SSO” check-box is selected.
  • Also, note that only KRB5, NTLM and SPNEGO supports SSO, so “Mechanism” drop down list also got updated to choose desired option.

 Preliminary requirement:

  • SSO works on same domain, so Teradata database has to be running the same domain on which used logged on.
  • A user should have been created in Teradata database with permission to logon without password. To do that following steps should be followed:
    • Create user with password and perm space.
    • Give permission for null password similar to following command:
      • grant logon on all to <username> with null password

This ensures the user exist before attempting for a session.

  • There might be additional setting required for specific mechanisms which should be performed based on requirement.
1 REPLY
Teradata Employee

Re: Using Single-Sign-On (SSO) in OLE DB Access Module

Thanks for the information. Crystal clear!