If you plan to use the authorization to authenticate to Kerberos on a foreign server then you must use either INVOKER TRUSTED or DEFINER TRUSTED.
The following two examples establish authorization for the user who invokes the object. The credentials are encrypted and stored as a database object in the user database.
CREATE AUTHORIZATION sales AS INVOKER TRUSTED USER 'johnson' PASSWORD 'Secret' ;
REPLACE AUTHORIZATION sales AS TRUSTED USER 'williams' PASSWORD 'topsecret' ;
If you want to make the authorization available globally, create the authorization on TD_SERVER_DB using the DEFINER TRUSTED type. If you use DEFINER TRUSTED, as in this example, then the credentials for proxy_1 are stored in the remote_system1 authorization that is created in the TD_SERVER_DB database.
CREATE AUTHORIZATION TD_SERVER_DB.remote_system1 AS DEFINER TRUSTED USER 'proxy_1' PASSWORD 'Global' ;