Prior to Release 17.10, when the TDGSS configuration changed, a TPA reset was required for the new values in the TDGSSCONFIG GDO to take effect. In Release 17.10 and later, the following can be modified without a tpareset:
- Any attribute or property whose name begins with "Ldap" for KRB5 and LDAP
- MechanismEnabled property for KRB5, LDAP, JWT, and PROXY
- AuthorizationSupported property for KRB5 and LDAP
- LDAP Service ID and password with no impact to user LDAP logons
- The following properties in the PROXY mechanism:
- CertificateFile
- PrivateKeyFile
- PrivateKeyPassword
- PrivateKeypasswordProtected
- CACertFile
- CACertDir
- SigningHashAlgorithm
- Any JWT mechanism property whose name begins with "JWT"
- All canonicalizations including the lightweight authorization structures
Changes to the following still requires a tpareset:
- Changes to any mechanism property not mentioned above require a tpareset
- QoP configuration
- Local or global policy configuration, including service name changes
- TDNEGO and SPNEGO
For more information, see Teradata Vantageā¢ - Advanced SQL Engine Security Administration, B035-1100, available at https://docs.teradata.com/.