Modifying the User Configuration File | Teradata Vantage - Modifying the User Configuration File - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:mapPath
ppz1593203596223.ditamap
dita:ditavalPath
wrg1590696035526.ditaval
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantageā„¢

Globally Distributed Objects, (GDOs) are named objects that are kept consistent across all nodes and vprocs in a Teradata Database system. GDOs store system settings and configuration information that is shared by all nodes of the system.

The TPA Reset utility, tpareset, resets Teradata Database. tpareset is used when certain values in the TdgssUserConfigFile.xml configuration file are modified.

For many TDGSS configuration changes a TPA reset is not required for the new values in the TDGSSCONFIG GDO to take effect. The following can be modified without a TPA reset:

  • Any attribute or property whose name begins with "Ldap" for KRB5 and LDAP
  • MechanismEnabled property for KRB5, LDAP, JWT, and PROXY
  • AuthorizationSupported property for KRB5 and LDAP
  • LDAP Service ID and password with no impact to user LDAP logons
  • The following properties in the PROXY mechanism:
    • CertificateFile
    • PrivateKeyFile
    • PrivateKeyPassword
    • PrivateKeypasswordProtected
    • CACertFile
    • CACertDir
    • SigningHashAlgorithm
  • Any JWT mechanism property whose name begins with "JWT"
  • All canonicalizations including the lightweight authorization structures

The following configuration changes require a tpareset:

  • Changes to any mechanism property not mentioned above require a tpareset
  • QoP configuration
  • Local or global policy configuration, including service name changes
  • TDNEGO and SPNEGO

run_tdgssconfig is executed when the configuration file is updated. It indicates if a TPA reset is required.