Enabling and Changing Low, Medium, and High QOP Entries - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2024-04-05
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™

You can enable the LOW, MEDIUM, and HIGH QOP entries for the TD2, PROXY, JWT, and LDAP mechanisms to support the use of QOP security policies. For information about configuring a QOP security policy, see Network Security Policy.

You can change the encryption strength for any entry by substituting another algorithm.

  1. Uncomment the LOW, MEDIUM, and HIGH QOP entries to enable them for use with QOP security policies.
    <!-- LOW SECURITY QOP -->
    <MechQop Value="Low">
        AES-K128_CBC_PKCS5Padding_SHA1_DH-K2048
    </MechQop>
    <!-- MEDIUM SECURITY QOP -->
    <MechQop Value="Medium">
        AES-K192_CBC_PKCS5Padding_SHA1_DH-K2048
    </MechQop>
    <!-- HIGH SECURITY QOP -->
    <MechQop Value="High">
        AES-K256_CBC_PKCS5Padding_SHA1_DH-K2048
    </MechQop>
  2. You can optionally edit the LOW, MEDIUM, and HIGH QOP entries by changing to a stronger encryption algorithm, for example:
    <!-- LOW SECURITY QOP -->
    <MechQop Value="Low">
        AES-K192_GCM_PKCS5Padding_SHA2_DH-K2048
    </MechQop>
  3. After you complete editing, run the run_tdgssconfig utility to update the TDGSSCONFIG GDO.
    /opt/teradata/tdgss/bin/run_tdgssconfig
  4. Run tpareset to activate the changes to the TDGSS configuration.
    tpareset -f “use updated TDGSSCONFIG GDO”

For more information, see Changing the TDGSS Configuration.