17.20 - Examples: Enabling Clients and Proxies that are Unable to Automatically Support Security Policy to Log On - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572

Example: Enabling Logon for All

Setting the --secpcynotsupported logon flag to all configures the gateway to allow logons using clients or proxies that are unable to automatically support security policy, even when policy applies.

gtwcontrol --secpcynotsupported logon=all

A client that cannot automatically follow policy that has not been manually configured to be within policy can send a single out-of-policy message per session before the security violation is caught and the session is logged off.

Proxies that cannot automatically follow security policy cannot guarantee that the clients that connect through them follow policy, nor can they transmit policy to clients that could otherwise follow it. For this reason, all clients that log on through such proxies must be manually configured to be within policy, even if they are otherwise capable of following policy automatically. In practice, the gateway can identify security violations by client sessions logged on through such a proxy and log them off, but not until after a single out-of-policy message has already been sent.

Example: Enabling Logon for Clients

Setting the --secpcynotsupported logon flag to client configures the gateway to allow logons using clients that are unable to automatically support security policy, even when policy applies.

gtwcontrol --secpcynotsupported logon=client

A client that cannot automatically follow policy that has not been manually configured to be within policy can send a single out-of-policy message per session before the security violation is caught and the session is logged off.

Example: Enabling Logon for Proxy

Setting the --secpcynotsupported logon flag to proxy configures the gateway to allow logons through proxies that are unable to automatically support security policy, even when policy applies.

gtwcontrol --secpcynotsupported logon=proxy

Proxies that cannot automatically follow security policy cannot guarantee that the clients that connect through them follow policy, nor can they transmit policy to clients that could otherwise follow it. For this reason, all clients that log on through such proxies must be manually configured to be within policy, even if they are otherwise capable of following policy automatically. In practice, the gateway can identify security violations by client sessions logged on through such a proxy and log them off, but not until after a single out-of-policy message has already been sent.