For improved security, the application can optionally use a token-based authentication instead of basic authentication. The token is sent with each request over a two hour period without you having to supply your credentials with each request.
No administrative actions are necessary to enable this feature if you are running a single instance of the Query Service.
Do the following when running multiple instances of the Teradata Query Service behind a load balancer:
- Switch the key store key strategy from random to hash on each server by adding credential.key.store.random=false to the /opt/teradata/rest/tdrest/application.properties file.
- Keep the credential store keys synchronized on all servers by manually copying the file /etc/opt/teradata/rest/credentials.jks from one server to the remaining servers.