Modifying the User Configuration File | Teradata Vantage - 17.10 - Modifying the User Configuration File - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

Globally Distributed Objects, (GDOs) are named objects that are kept consistent across all nodes and vprocs in a Teradata Database system. GDOs store system settings and configuration information that is shared by all nodes of the system.

The TPA Reset utility, tpareset, resets Teradata Database. tpareset is used when certain values in the TdgssUserConfigFile.xml configuration file are modified.

For many TDGSS configuration changes a TPA reset is not required for the new values in the TDGSSCONFIG GDO to take effect. The following can be modified without a TPA reset:

  • Any attribute or property whose name begins with "Ldap" for KRB5 and LDAP
  • MechanismEnabled property for KRB5, LDAP, JWT, and PROXY
  • AuthorizationSupported property for KRB5 and LDAP
  • LDAP Service ID and password with no impact to user LDAP logons
  • The following properties in the PROXY mechanism:
    • CertificateFile
    • PrivateKeyFile
    • PrivateKeyPassword
    • PrivateKeypasswordProtected
    • CACertFile
    • CACertDir
    • SigningHashAlgorithm
  • Any JWT mechanism property whose name begins with "JWT"
  • All canonicalizations including the lightweight authorization structures

The following configuration changes require a tpareset:

  • Changes to any mechanism property not mentioned above require a tpareset
  • QoP configuration
  • Local or global policy configuration, including service name changes
  • TDNEGO and SPNEGO

run_tdgssconfig is executed when the configuration file is updated. It indicates if a TPA reset is required.