Configuring Gateway for Older Interfaces or Proxies | Teradata Vantage - 17.10 - Configuring the Gateway to Allow Logons from Older Interfaces or Proxies - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

The gateway can be configured to allow logons from older client interfaces or proxies that do not support Teradata Vantage network security policy, even when security policy is configured. A Gateway Control (gtwcontrol) utility option can be set to allow older clients to log on even if security policy that they are unable to automatically follow has been set for them. This allows a mix of newer clients that can accept security policy from the database and older clients that cannot accept it.

When the gateway has been configured to allow logons from older client interfaces, the client interfaces must be manually configured to be within policy or they will be forced off for violating policy.

When the gateway has been configured to allow logons from older proxies, these proxies cannot guarantee that the clients logging on through them can automatically follow policy, nor can they transmit policy to clients that could otherwise automatically follow it. For this reason, all clients that log on through such proxies must be manually configured to be within policy or they will be forced off for violating policy.

For more information, see Teradata Vantage™ - Database Utilities, B035-1102.

To identify client interfaces or proxies that do not support Teradata Vantage network security policy, see Auditing Logons by Clients that Cannot Automatically Follow Security Policy.

About the Default Setting for --secpcynotsupported logon

By default the gateway does not allow logons by clients or proxies that are unable to support security policy when security policy applies. To restore the default setting, use:

gtwcontrol --secpcynotsupported logon=no

To enable the gateway to allow these logons, use Gateway Control:

gtwcontrol --secpcynotsupported suboptions