17.10 - Changing the TDGSS Configuration - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)
  1. On the Teradata Vantage node with the lowest ID number, navigate to the directory that provides access to TdgssUserConfigFile.xml.
    cd /opt/teradata/tdat/tdgss/site
  2. Make a backup copy of the TdgssUserConfigFile.xml and save it according to your site standard backup procedures.
  3. Open a text editor, such as vi, and bring up a working copy of the user configuration file:
    vi TdgssUserConfigFile.xml
  4. Edit the properties in the file by deleting the old values and entering new values in accordance with the editing guidelines for each property. For more information, see About Editing Configuration Files.
    Most mechanism properties work best using their factory preset values. Make sure of your reason for wanting to change a property value before you edit it.

    You can add optional LDAP properties to the KRB5, LDAP and SPNEGO mechanisms and edit their default values. Copy only the optional properties you want to use from the LDAP mechanism in the TdgssLibraryConfigFile.xml and paste them into the LDAP mechanism in the copy of the TdgssUserConfigFile.xml you are editing.

  5. Verify the configuration is correct:
    1. Run tdgsstestcfg to test the configuration. It launches a test environment in a new shell that contains the updates to the configuration file.
      /opt/teradata/tdgss/bin/tdgsstestcfg
    2. Run tdgssauth utility to test the newly-configured LDAP properties for their effects on directory user authentication and authorization before you commit the configuration changes to the TDGSSCONFIG GDO.
      /opt/teradata/tdgss/bin/tdgssauth -m ldap -u <dir_user>

      See Working with tdgssauth.

    3. Exit the test shell:
      exit
    4. Continue editing and testing until the configuration is correct.
  6. After you complete editing and any needed testing, run the run_tdgssconfig utility to update the TDGSSCONFIG GDO.
    /opt/teradata/tdgss/bin/run_tdgssconfig
  7. If run_tdgssconfig indicates a TPA reset is required, run tpareset to activate the changes to the TDGSS configuration.
    tpareset -f “use updated TDGSSCONFIG GDO”