tdspasswd-reencrypt Examples - Analytics Database - Teradata Vantage

Security Administration

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-12-11
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572
lifecycle
latest
Product Category
Teradata Vantage™

Example: Using tdspasswd-reencrypt with No Options

Utility uses the LDAP service password in the MechanismProperties section as shown below.
<Mechanism Name="ldap">
  <MechanismProperties
    . . .
    UseLdapConfig="no"
    LdapServicePasswordProtected="yes"
    LdapServicePassword="non-fips-encrypted-password"
    />

tdspasswd-reencrypt Call with No Options

# tdspasswd-reencrypt

tdspasswd-reencrypt Output When Not Using Options

tdgss_configure warning:
TDGSS_BIN_FILE not set.
TDGSSCONFIG GDO used in tdgss.

re-encrypted-fips-compliant-password

Example: Using tdspasswd-reencrypt with Service

Utility uses the LDAP service password in the Services section as show below.

<LdapConfig>
  <Services>
    <Service
      Id="reencrypt-service"
      . . .
      LdapServicePasswordProtected="yes"
      LdapServicePassword="non-fips-encrypted-password" />
    </Services>
</LdapConfig>

tdspasswd-reencrypt Call Using Service

# tdspasswd-reencrypt -s reencrypt-service

tdspasswd-reencrypt Output When Using Service

tdgss_configure warning:
TDGSS_BIN_FILE not set.
TDGSSCONFIG GDO used in tdgss.

re-encrypted-fips-compliant-password

Example: tdspasswd-reencrypt Call for Information

# tdspasswd-reencrypt -?

tdspasswd-reencrypt Output with Explanation

tdspasswd-reencrypt -- Generates a FIPS-compliant encrypted LDAP password using the existing non-FIPS-compliant
encrypted password stored in the LdapServicePassword LDAP property from configuration.
Notes:
- The LdapServicePassword value in the configuration file must be present and be a non-FIPS-compliant encrypted.

-The LdapServicePasswordProtected value in the configuration file must be set to "TRUE", indicating that the LdapServicePassword value is encrypted.

- The user must update the configuration with the new password and issue "run_tdgssconfig" for it to take effect.

A TPA reset is not required.

Usage: tdspasswd-reencrypt [options]

Where the optional [options] is one of:

-s <service>: The service from which the LdapServicePassword value is to be used.

Ex: tdspasswd-reencrypt
tdspasswd-reencrypt -s <service_name>