17.10 - Enabling and Changing Low, Medium, and High QOP Entries - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

You can enable the LOW, MEDIUM, and HIGH QOP entries for the TD2, PROXY, JWT, and LDAP mechanisms to support the use of QOP security policies. For information about configuring a QOP security policy, see Network Security Policy.

You can change the encryption strength for any entry by substituting another algorithm.

  1. Uncomment the LOW, MEDIUM, and HIGH QOP entries to enable them for use with QOP security policies.
    <!-- LOW SECURITY QOP -->
    <MechQop Value="Low">
        AES-K128_CBC_PKCS5Padding_SHA1_DH-K2048
    </MechQop>
    <!-- MEDIUM SECURITY QOP -->
    <MechQop Value="Medium">
        AES-K192_CBC_PKCS5Padding_SHA1_DH-K2048
    </MechQop>
    <!-- HIGH SECURITY QOP -->
    <MechQop Value="High">
        AES-K256_CBC_PKCS5Padding_SHA1_DH-K2048
    </MechQop>
  2. You can optionally edit the LOW, MEDIUM, and HIGH QOP entries by changing to a stronger encryption algorithm, for example:
    <!-- LOW SECURITY QOP -->
    <MechQop Value="Low">
        AES-K192_GCM_PKCS5Padding_SHA2_DH-K2048
    </MechQop>
    
  3. After you complete editing, run the run_tdgssconfig utility to update the TDGSSCONFIG GDO.
    /opt/teradata/tdgss/bin/run_tdgssconfig
  4. Run tpareset to activate the changes to the TDGSS configuration.
    tpareset -f “use updated TDGSSCONFIG GDO”

For more information, see Changing the TDGSS Configuration.