All Forums Database
StevenSchmid 33 posts Joined 07/11
03 Jun 2014
Disable TD2 logon but allow LDAP for certain users

Hi
We have LDAP authentication at Customer site for users, but also use TD2 connection for internal accounts such as SYSDBA.
When the end user accounts are created, they have a default password assigned as required in the create user statement, but then we grant logon with NULL password to allow for LDAP authenication, i.e. GRANT LOGON ON ALL TO <UserId > WITH NULL PASSWORD ;
An end user could logon with TD2 if the password is known that was assigned in the create user statement.  Is there a way to disable TD2 logons for the end users only, allowing them to only logon with their LDAP password ?
Cheers
Steven
 

Steven Schmid Teradata DBA Canberra, Australia
geethareddy 37 posts Joined 10/11
26 Jun 2014

There is a way to do this by enabling the strong password profile settings. 
Let me know if you need further details.

Geeta.

Thanks,
Geeta

Micron1384 2 posts Joined 11/14
29 Jan 2016

Hi,
can you pls share more details on how to enable strong password profile settings
 
Regards,
Chris

k

ssomayajula 4 posts Joined 05/09
31 Jan 2016

Do you want all the end users to connect through LDAP only while your internal users (such as SYSDBA) allowed to connect through TD2? Are you trying to find a way to do this at the database server?

Fred 1096 posts Joined 08/04
03 Feb 2016

If they don't know the password, they can't use TD2 authentication. The issue is that someone could potentially authenticate via LDAP, then change their TD2 password, and they subsequently would be able to use TD2 successfully. But you can set a combination of password controls in the user profile that is impossible to satisfy, which will prevent the users from changing their TD2 password.

Arsalan_Ahmed 1 post Joined 02/16
16 Feb 2016

Hi, Please share an example of password setting that cannot be satified.  

Fred 1096 posts Joined 08/04
17 Feb 2016

Require some combination of upper/lower case letters, digits, special characters but restrict max length to 1.

Fred 1096 posts Joined 08/04
17 Feb 2016

Require some combination of upper/lower case letters, digits, special characters but restrict max length to 1 character.

You must sign in to leave a comment.