TDGSS Security Administration Tools | Teradata Vantage - 17.10 - Security Administration Tools - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

The following security administration tools are included with the installation of TDGSS.

Tool Description
dumpcfg Allows you to view the TDGSS or TeraGSS configuration settings. These settings are stored in tdgssconfig.gdo, a binary-format globally distributed object file used by the database, or a flat file named tdgssconfig.bin for Unity or TTU clients.

See Using the dumpcfg Utility to Check the Current Configuration.

ipdir2bin Adds directory-based IP restrictions to the IP GDO.

See Enabling Directory-Based IP Restrictions with the ipdir2bin Utility.

ipxml2bin Adds XML based IP restrictions to the IP GDO.

See Enabling XML-Based IP Restrictions with the ipxml2bin Utility.

ldapadd Standard LDAP tool used to add objects to the directory.

See the sections beginning with Creating the Top-Level Objects in the DIT.

ldapmodify Used when adding Teradata schema extensions to a directory.

See Installing Teradata Schema Extensions in a Certified Directory.

ldapsearch Used when testing directory access to find directory objects, such as a user or the RootDSE Object.

See About Ldapsearch.

nodenames Obtains the list of host names that are used when generating signed certificates. Used by and with tlsutil. See About nodenames.
run_tdgssconfig Required by Unity to enable edits to TdgssUnityConfig.xml, for example, when you add a new mechanism or configure a mechanism property.

See Making Changes to TdgssUserConfigFile.xml on Database Nodes.

Note that TdgssUnityConfig.xml has the exact same format as TdgssUserConfigFile.xml, but is used specifically for Unity configuration.

tdgssauth Test and verify that security mechanism configurations are valid before bringing them live. You can use it with LDAP, Kerberos, and TDNEGO on Unity servers and Advanced SQL Engine nodes.

See Working with tdgssauth.

tdgssgetinfo Collects and displays information used to determine the health of the TDGSS or TeraGSS installed on the system. See tdgssgetinfo.
tdsbind Deprecated.
Teradata recommends using tdgssauth instead of tdsbind.
tdspolicy Identifies security policy restrictions that apply to a specified user, profile, and IP address. See Investigating Security Policy Assignments.
tdgssauth can be used instead of tdspolicy.
tdspasswd Generates and stores passwords in encrypted form:
  • When configuring LdapServicePassword, for example, when creating a service bind. See Using Service Binds.
  • For changing a user password.
tdgsstestcfg Tests that TdgssUserConfigFile.xml changes are valid before making them permanent with run_tdgssconfig. See Working with tdgsstestcfg.
tlsutil Creates and installs signed certificates and private keys on SQL Engine. Used for TLS configuration. See About tlsutil.