Examples: Enabling Clients and Proxies that are Unable to Automatically Support Security Policy to Log On - Advanced SQL Engine - Teradata Database

Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Published
July 2021
Language
English (United States)
Last Update
2022-02-15
dita:id
B035-1100
lifecycle
previous
Product Category
Teradata Vantage™

Example: Enabling Logon for All

Setting the --secpcynotsupported logon flag to all configures the gateway to allow logons using clients or proxies that are unable to automatically support security policy, even when policy applies.

gtwcontrol --secpcynotsupported logon=all

A client that cannot automatically follow policy, and that has not been manually configured to be within policy, can send a single out-of-policy message per session before the security violation is caught and the session is logged off.

Proxies that cannot automatically follow security policy cannot guarantee that the clients that connect through them follow policy, nor can they transmit policy to clients that could otherwise follow it. For this reason, all clients that log on through such proxies must be manually configured to be within policy, even if they are otherwise capable of following policy automatically. In practice, the gateway can identify security violations by client sessions logged on through such a proxy and log them off, but not until after a single out-of-policy message has already been sent.

Example: Enabling Logon for Clients

Setting the --secpcynotsupported logon flag to client configures the gateway to allow logons using clients that are unable to automatically support security policy, even when policy applies.

gtwcontrol --secpcynotsupported logon=client

A client that cannot automatically follow policy, and that has not been manually configured to be within policy, can send a single out-of-policy message per session before the security violation is caught and the session is logged off.

Example: Enabling Logon for Proxy

Setting the --secpcynotsupported logon flag to proxy configures the gateway to allow logons through proxies that are unable to automatically support security policy, even when policy applies.

gtwcontrol --secpcynotsupported logon=proxy

Proxies that cannot automatically follow security policy cannot guarantee that the clients that connect through them follow policy, nor can they transmit policy to clients that could otherwise follow it. For this reason, all clients that log on through such proxies must be manually configured to be within policy, even if they are otherwise capable of following policy automatically. In practice, the gateway can identify security violations by client sessions logged on through such a proxy and log them off, but not until after a single out-of-policy message has already been sent.