Converting an Existing Non-FIPS-compliant Password - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-12-11
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™

Starting with Vantage version 17.20, configured LDAP service passwords that are non-FIPS-compliant are no longer supported, and must be regenerated to a FIPS-compliant password. The LDAP authentication is disabled until a FIPS-compliant password is configured.

The tdspasswd-reencrypt utility regenerates an existing non-FIPS-compliant LDAP service password that is configured in the TdgssUserConfigFile.xml file to a FIPS-compliant encrypted LDAP service password.

To use the utility, you must have the following:
  • The LdapServicePassword value in the configuration file must be present and be a non-FIPS-compliant encrypted password.
  • The LdapServicePasswordProtected value in the configuration file must be set to "yes," indicating that the LdapServicePassword value is encrypted.

To convert the service password, do the following:

  1. Run the tdspasswd-reencrypt utility at the command line to regenerate the password to stdout.
  2. Update the LdapServicePassword value in configuration file with the new password.
  3. Run run_tdgssconfig for the new password to take effect. A TPA reset is not required.