TPA Reset/TDGSS Configuration| Advanced SQL Engine 17.10 - TPA Reset No Longer Required for Some TDGSS Configuration Changes - Advanced SQL Engine - Teradata Database

Teradata Vantageā„¢ - Advanced SQL Engine Release Definition

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2021-07-27
dita:mapPath
xvd1618799188927.ditamap
dita:ditavalPath
xvd1618799188927.ditaval
dita:id
B035-1725
lifecycle
previous
Product Category
Teradata Vantage
Prior to Release 17.10, when the TDGSS configuration changed, a TPA reset was required for the new values in the TDGSSCONFIG GDO to take effect. In Release 17.10 and later, the following can be modified without a tpareset:
  • Any attribute or property whose name begins with "Ldap" for KRB5 and LDAP
  • MechanismEnabled property for KRB5, LDAP, JWT, and PROXY
  • AuthorizationSupported property for KRB5 and LDAP
  • LDAP Service ID and password with no impact to user LDAP logons
  • The following properties in the PROXY mechanism:
    • CertificateFile
    • PrivateKeyFile
    • PrivateKeyPassword
    • PrivateKeypasswordProtected
    • CACertFile
    • CACertDir
    • SigningHashAlgorithm
  • Any JWT mechanism property whose name begins with "JWT"
  • All canonicalizations including the lightweight authorization structures
Changes to the following still requires a tpareset:
  • Changes to any mechanism property not mentioned above require a tpareset
  • QoP configuration
  • Local or global policy configuration, including service name changes
  • TDNEGO and SPNEGO

For more information, see Teradata Vantageā„¢ - Advanced SQL Engine Security Administration, B035-1100, available at https://docs.teradata.com/.