Introducing Teradata Wallet

Tools
Tools covers the tools and utilities you use to work with Teradata and its supporting ecosystem. You'll find information on everything from the Teradata Eclipse plug-in to load/extract tools.
Enthusiast

Re: Introducing Teradata Wallet

Hi Shawn,

What is change in TD wallet 15.0? I have installed 15.0 in windows and I can not see options to set, change or forget the wallet password. I am not sure if it was removed in 15.00 or it is not applicable for windows. I would like to get a change summary.

Thanks,

Gyanendra

Gyan
Teradata Employee

Re: Introducing Teradata Wallet

There were no changes in this area in 15.0.

Generally, any notable changes can be found in the TTU Release Definition document or in the readme files that accompany the package.

Not applicable

Re: Introducing Teradata Wallet

I was asked to look at the wallet for some projects in the my company...

One of the first questions that popped up is " Is the wallet portable? or is it really more like a locker? "

Okay so what is meant my this, is can we create central wallets in one location and take move them from machine to machine for a user?  or are they only good in one location?

Think of it this way.. My wallet is something I carry around, from store to store and purchase things when needed.

Lockers that I use stay at the location where they are accessed and used.. e.g. Gym, School, work, etc.

If they are not portable, is there a way to backup and restore them on another machine?

Teradata Employee

Re: Introducing Teradata Wallet

xytwan asked:

Is the wallet portable?

You are correct, it is more like a locker than a wallet. The wallet was not designed to be portable as one of many security measures.

We are aware that this poses a problem for some use cases. You may open an incident with our support organization with a detailed description of your concerns, use cases, and desired behavior. In the incident, please reference this commend and ask the support team to contact engineering. We'll try to address this if an alternative solution is provided in the future.

Re: Introducing Teradata Wallet

Are there any other parameters like $(tdpid) that can be used?  I have a number of different IDs that I use and was wondering if there was something like $(username)?  I could then have a mechanism default that would be '$(username)_$(tdpid)'.  I could then use the same password string "$tdwallet" and only change the username and/or tdpid in the .logon tdpid/username,$tdwallet to access the different IDs.

Teradata Employee

Re: Introducing Teradata Wallet

JerryZott -- this was envisioned in the design, but has not been implemented However, I think there's a simple workaround, you would just have to use the '$tdwallet(something)' keyword instead of '$tdwallet' (without something). Instead of asking Teradata Wallet to replace the $(username) keyword with the username provided earlier in the logon string, you could just supply that username twice:

tdpid/username,$tdwallet(username_$(tdpid))

Since you've already exposed the username in your script once, adding it a second time does not raise additional security concerns.

If you also hid the username in your wallet, you could try nested keywords:

tdpid/$tdwallet(usr1),$tdwallet($tdwallet(usr1)_$(tdpid))

Just make sure that all the open parentheses and dollar signs are properly escaped, if necessary, as discussed above.

New Member

Re: Introducing Teradata Wallet

I am trying to use Tdwallet in our enterprise scheduler (ESP) jobs to run our teradata jobs and the scheduler launches these jobs from a Linux slice (client). The ESP uses a non-interactive user id (Usr1) on the linux slice to launch these jobs and Usr1 doesn't have any password on the linux slice.

I know we can create wallet entries for an interactive user and invoke the wallet passwords through a bteq script. I would like to find out how to create wallet entries for the non-interactive client user? 

As showm below, I can only "su - " to the Usr1, but the user doesn't switch to Usr1 and cannot create wallet entries for this Usr1. 

[root@Linux1 ~]# su - Usr1

[root@Linux1 ~]# pwd

/root

[root@Linux1 ~]

My basic question is ,can we create wallet entries for non-interactive client ids? If so, how can we do it.

Any help would be appreciated. 

Teradata Employee

Re: Introducing Teradata Wallet

paluvayi -- there's a difference between a user with no password and a user with no shell access, but this is not my area of expertise. I think the command you want to use after "su" is "whoami", not "pwd". If Usr1 is the effective user, you should be able to create wallet entries. I suspect you should use "tdwallet addsk" instead of "tdwallet add" command. For more info, see

tdwallet help security

If Usr1 is not the effective user, you could try using the expect tool (mentioned in a comment above) to create wallet entries.

Not applicable

Re: Introducing Teradata Wallet

need help in setting up TDWallet.

1. I have installed TDWallet and was able to add item name with value to it.

2. When I tried to refer to this wlet item from "SQL Assistant" it is throwing me following error.

The Teradata Wallet software is not installed

(the HKEY_LOCAL_MACHINE\Software\Teradata\CLient\Teradata Wallet registry key does not exist)

 Another question is, I have some mload scripts on windows server which are executed on TDServer by SSIS packages. How can I use my wallet on the mloads used by these ssis packages.

Please let me know if I am missing anything.

Thanks,

P

Highlighted
Teradata Employee

Re: Introducing Teradata Wallet

sptdata said:

The Teradata Wallet software is not installed

(the HKEY_LOCAL_MACHINE\Software\Teradata\CLient\Teradata Wallet registry key does not exist)

Please make sure you installed the correct Windows package (32-bit or 64-bit). I would also make sure you have the latest available efixes of all Teradata client software from the same release, just in case this issue has already been fixed. If this doesn't help, please open an incident with GSC.

I have some mload scripts on windows server which are executed on TDServer by SSIS packages. How can I use my wallet on the mloads used by these ssis packages.

I don't know anything about SSIS. It sounds like you are executing mload on Teradata DBS nodes. I am hoping this was a conscious decision and you understand the potential impact on server performance. Having said that, you can certainly install Teradata Wallet on the same Teradata DBS nodes where mload executes. You would have to determine under which OS user mload is executed and add wallet entries for that user (on every node). If this doesn't answer your question, please open an incident with GSC.