Logging on to Teradata RDBMS without password 1

[smitakale]

Hi,
I performed following steps for granting user logon with NULL password on Network attached system -
1. Created Administrative user with EXECUTE permission on macros DBC.AccLogRule and DBC.LogonRule.
2. Created user 'testuser' using this Administrator with temporary password.
3. Granted logon with NULL PASSWORD to this user using st - GRANT LOGON ON ALL to testuser WITH NULL PASSWORD;
4. Tried to log on using 'testuser' without password through BTEQ, WinDDI, queryman and WinSQL utilities.
But its not working.
Can someone tell me if i missed some step. Or something else is to be done for granting user null password privilege.
Teradata RDBMS I am using is Version 2 Release 4.01.02. and Teradata client is TUF 6.1.1.
Any help in this regard will be highly appretiated.

Thanks,
Smita.

 

[tdatgod]

Hi,
Are you using Teradata RDBMS Version 2 Release 4.01.02 for windows or MPRAS?

On MPRAS NULL PASSWORD is only allowed from the Mainframe.

On the windows version of Teradata it will only work if you add the Domain name to testuser.

for example.

create user "testuser@mydomain" ...

 

[smitakale]

Hi,

Thanks for quick response.

I tried it that way. But it didn't work.

I'll give the details steps I have performed.
1. logged on to BTEQ as administrative user.
1. create user "testuser@domain_name" as perm=10000,password=secret;
2. grant logon on all to testuser with null password;

Now if I try to logon from BTEQ, WINSQL, WINDDI as
1. username: testuser and without password it fails.
2. username: testuser@domain_name and without password it fails.
3. username: testuser@domain_name and password: secret it logs on successfully.

Actually in BTEQ documentation it is written that for network attached system password is must in the logon string while logging on through BTEQ.

And for channel connected systems, we need to write security routines in TDP for NULL
PASSWORD rights. Do we need to do something similar for network attached systems?

I am running teradata on Windows 2000 server.

waiting for reply.

Thanks,
Smita.

 

[tdatgod]

Hi,
OK. other restrictions......

Your Teradata user name must be identical to your windows 2000 logon name. The way NULL password works is we use your Windows logon name and we use Kerberos or NTLM user authentication to verify your user identity.

if your windows 2000 logon is

domain\bob

your teradata user must be

bob@domain.

then you when you logon to bteq you say

.logon box

The other question is what kind of DOMAIN controller do you have on your network. Windows 2000 domain control or Windows NT domain controller?

Kerberos authentication works only if you have a windows 2000 domain controller, a windows 2000 teradata server and that your client Bteq, queryman whatever is running on a windows 2000 box.

If any of the parts are windows NT it will use NTLM.



----

 

[tdsmart]

Hi smitakale,

You need to check two more things here ..the single sign on feature should be enabled in dbscontrol and also in gtwcontrol.

Go to Teradata Command prompt :

Say - gtwcontrol -d
You will see something like this :

d:\ncr\tdat>gtwcontrol -d
gdo version: 5, created on Thu Oct 18 15:12:17 2001

systemname: prodtnt
number of host groups: 1, number of gateway vprocs 1
max logfile size: 5000000
event trace cnt: 32
gtwglobal logon name: DBC
hgid: 1
assign vprocid: 8192
assigntrace: no
logons enabled: yes
session timeout in minutes: 20
max sessions per node: 600
malloctrace: no
iothread check frequency in minutes: 10
max io threads per type (msg/net): 50
initial io threads per type (msg/net): 5
Single Sign-On Authentication: on
Append Domain Name: no
Connection trace: yes
vproc id: 8192 status: Online


In the above output the Single Sign-On should be set to "on". If not, do "gtwcontrol -a on"

If the Append Domain Name is "no", you should not create the user with the domain extension.

Also, the domain of the user should be a trusted domain of the Teradata domain.

Verify the Single Sign-On setting dbscontrol as follows :

Click on Start->Programs->Teradata RDBMS->DatabaseWindow

Click on Supvr window ->Give command "start dbscontrol"
A new window opens - say display
In general fields, the 26th filds should be "0"(on). If not, say m g 26=0 then write


Now, from bteq say .logon tdpid/,;
Press enter for user id and password if asked. You can turn off the user id and password prompt using .logonprompt off

From queryman, when connecting check "Use integrated Security" in the odbc userid and password dialogue box.