PROXY Mechanism

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product: Advanced SQL Engine, Teradata Database
Release Number: 17.10
Release Date: July 2021
Content Type: Administration, Security
Publication ID: B035-1100-171K
Language: English (United States)

The PROXY mechanism supports user logons through Unity, acting as a proxy for the authentication mechanism in effect at logon and passing user credential information to connected Teradata Vantage systems.

PROXY appears in the TdgssLibraryConfigFile.xml for all installations of Vantage. However, to make a configuration change to PROXY, you must manually copy the mechanism from the TdgssLibraryConfigFile.xml and add it to the TDGSS configuration file.

By default, the MechanismEnabled property is set to yes in the TDGSS version of the TdgssLibraryConfigFile.xml.

You can modify some PROXY support properties without performing a TPA reset. For example, the following can be modified without a TPA reset: MechanismEnabled, CertificateFile, PrivateKeyFile, PrivateKeyPassword, PrivateKeyPasswordProtected, CACertFile, CACertDir, and SigningHashAlgorithm. The remaining properties are either not modifiable or require a TPA reset if you modify them; run_tdgssconfig indicates when a TPA reset is needed.

<Mechanism Name="PROXY"
            ObjectId="1.3.6.1.4.1.28698.4.302.1.2"
            LibraryName="gssp2proxy"
            Prefix="Proxy"
            InterfaceType="custom">
            <MechanismProperties
                AuthenticationSupported="yes"
                AuthorizationSupported="yes"
                SingleSignOnSupported="no"
                DefaultMechanism="no"
                MechanismEnabled="yes"
                MechanismRank="80"
                GenerateCredentialFromLogon="yes"
                DelegateCredentials="no"
                MutualAuthentication="yes"
                ReplayDetection="yes"
                OutOfSequenceDetection="yes"
                ConfidentialityDesired="yes"
                IntegrityDesired="yes"
                AnonymousAuthentication="no"
                DesiredContextTime=""
                DesiredCredentialTime=""
                CredentialUsage="0"
DHKeyG2048="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005"
                ProxySupported="yes"
                CertificateFile=""
                PrivateKeyFile=""
                PrivateKeyPassword=""
                PrivateKeyPasswordProtected="no"
                CACertFile=""
                CACertDir=""
                SigningHashAlgorithm="SHA256"
                />
            <MechQop Value="Default">
                AES-K128_GCM_PKCS5Padding_SHA2_DH-K2048
                AES-K128_CBC_PKCS5Padding_SHA1_DH-K2048
                AES-K192_GCM_PKCS5Padding_SHA2_DH-K2048
                AES-K192_CBC_PKCS5Padding_SHA1_DH-K2048
                AES-K256_GCM_PKCS5Padding_SHA2_DH-K2048
                AES-K256_CBC_PKCS5Padding_SHA1_DH-K2048
            </MechQop>
        </Mechanism>
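
A pre-change review check for the rule above, as an added example that is not part of the Teradata documentation: it diffs the PROXY MechanismProperties of a baseline and an edited configuration and reports which changed properties are on the page's no-reset list. The function names and sample XML are constructed for illustration, and the code assumes the file uses no XML namespace; run_tdgssconfig remains the authority on whether a TPA reset is needed.

```python
import xml.etree.ElementTree as ET

# Properties the page lists as modifiable without a TPA reset.
NO_RESET = {
    "MechanismEnabled", "CertificateFile", "PrivateKeyFile", "PrivateKeyPassword",
    "PrivateKeyPasswordProtected", "CACertFile", "CACertDir", "SigningHashAlgorithm",
}

def proxy_properties(xml_text):
    """Return the MechanismProperties attributes of the PROXY mechanism."""
    root = ET.fromstring(xml_text)
    for mech in root.iter("Mechanism"):  # iter() also matches the root element
        if mech.get("Name") == "PROXY":
            props = mech.find("MechanismProperties")
            if props is None:
                raise ValueError("PROXY mechanism has no MechanismProperties")
            return dict(props.attrib)
    raise ValueError("no PROXY mechanism found")

def classify_changes(baseline_xml, edited_xml):
    """Diff two PROXY definitions and sort changed properties by reset impact."""
    old, new = proxy_properties(baseline_xml), proxy_properties(edited_xml)
    changed = sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))
    return {
        "no_reset": [k for k in changed if k in NO_RESET],
        # Per the page: not modifiable, or a TPA reset is required.
        "reset_or_not_modifiable": [k for k in changed if k not in NO_RESET],
    }

# Constructed sample input: a trimmed PROXY element and an edited copy.
BASELINE = """<Mechanism Name="PROXY" Prefix="Proxy">
  <MechanismProperties MechanismEnabled="yes" MechanismRank="80"
      CertificateFile="" SigningHashAlgorithm="SHA256"/>
</Mechanism>"""
EDITED = """<Mechanism Name="PROXY" Prefix="Proxy">
  <MechanismProperties MechanismEnabled="no" MechanismRank="70"
      CertificateFile="/constructed/path/proxy-cert.pem" SigningHashAlgorithm="SHA256"/>
</Mechanism>"""

if __name__ == "__main__":
    for bucket, names in classify_changes(BASELINE, EDITED).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```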