- -a ExternalAuthentication
- Enables or disables external authentication, as follows:
ExternalAuthentication Description off Rejects external authentication and accepts traditional logons. on (Teradata default) Accepts both external authentication and traditional logons. only Accepts external authentication and rejects traditional logons. - --auditnetsecurity[={yes|no|ct}]
- Intended for use in security audits.
- -b { socketbuffersize | default | auto }
- Specifies the SND and RCV buffer sizes, as follows:
Option Description socketbuffersize Specifies the buffer size in bytes. The valid range is 65588 through 2147483647 bytes.
default Specifies to use the default setting. The gateway chooses the default setting that is appropriate for most circumstances. This setting is set automatically by the Linux auto-tuning feature, but depends on the database software release. Unless you are thoroughly familiar with TCP/IP and SND/RCV buffer sizing, you should only change this setting under the direction of Teradata Support Center personnel.auto - -c connectiontimeout
- Controls the logon message timeout in seconds. The Gateway terminates any session for which a message in the logon sequence is not received in a timely manner. The turnaround time for any message during the logon should be less than the value in the connectiontimeout setting.
- -d
- Displays current setting of the Gateway GDO.
- -e Eventcnt
- Specifies the number of event trace entries.
- -F [ OFF | ON ]
- This option is deprecated. Do not use.Toggles "append domain names" for authentication schemes in which domain names are required to define user identities uniquely.
- -f Logfilesize
- Specifies the maximum log file size.
- -g Hostnumber
- Specifies a host group to which the host-specific settings in this invocation of gtwcontrol will be applied. If you do not specify this option, the host settings are applied to all host groups.
- -h
- Displays help on gtwcontrol options.
- -i InitialIothreads
- Specifies the number of threads of each type that are started initially for the processing of LAN messages. When adjusting the number of threads to match the load, the number of threads of each type will never be reduced below this number.
- -j EnableChannelBinding
- This option is intended for use with Teradata Unity.Enables binding TDGSS-API authentication mechanisms to secure channels at lower network layers for those mechanisms that support channel binding. (PROXY is the only mechanism that currently supports channel binding.) Channel binding verifies the endpoints of the lower level network layers to eliminate man-in-the-middle attacks. In the case of the PROXY mechanism, channel binding also makes it more difficult to use stolen certificates to pretend to be a legitimate endpoint.
- -k keepalivetimeout
- Specifies how long the connection between the gateway and a client remains idle before the operating system begins probing to see if the connection has been lost.
- -L [ OFF | ON ]
- Toggles enable logons.
- -m MaximumIothreads
- Specifies the maximum number of threads per type. When adjusting the number of threads to match the load, the number of threads of each type will never be increased above this number.
- --monitorlib suboption [,…]
- Used to control a loadable library for database monitoring. Such libraries are provided by third-party providers of Database Activity Monitoring tools.
suboption Description load=[yes|no] yes Loads the monitoring library. no (default) Disables the library if it has been loaded. If the library has been disabled by setting this value to no, it will not be reloaded by setting this value to yes until after the next database restart.
copy=[no|yes|verify] Determines the method used by the gateway to pass database data, as follows: no (default) Passes the original data buffer directly to the monitoring tools. yes Creates a dynamic data buffer, copies the data from the original data buffer to the new buffer, and sends the new data buffer to the monitoring tools of the third-party monitoring provider. verify Implies copy=yes, and causes the gateway to compare the data in the new and original data buffers (after sending the new data buffer to the monitoring tools), to verify that the monitoring tools did not change any data in the new data buffer. trace=[yes|no|all] Controls the diagnostic trace facility of the monitoring library, as follows: yes (default) Causes the monitoring library to log only error messages. no Causes the monitoring library to log both error and warning messages. all Logs all messages, including errors and warnings, and any other types of messages the monitoring library can provide. - -n EnableDeprecatedMessages
- Enables deprecated, descriptive logon failure error messages, as follows:
EnableDeprecatedMessages Description no (default) Causes Vantage to return only generic logon failure error messages to users who attempt to logon unsuccessfully. yes Returns less secure, more descriptive logon failure error messages. - -o default
- The -o option cannot be used with the -g or -v option.Indicates that the other options specified in this invocation of gtwglobal should be saved as a set of user-defined default values. These defaults take precedence over the Teradata gateway control defaults, and will be used for new host groups and gateway vprocs when the system is reconfigured.Host groups and vprocs that existed before the reconfiguration retain their previous settings. To apply the custom defaults to all existing host groups and vprocs, use the -z option.
- -p LocalPEPreferredPercent
- Determines the Vantage preference or bias for assigning a new session to a local PE (a PE on the node containing the gateway that accepted the logon request) or assigning the session to a remote PE (a PE on a different node).
- -r IoThreadCheck
- Determines the frequency in minutes that the gateway checks to see if all the threads are busy.
- -s Sessions
- Specifies maximum sessions per gateway.
- --secpcynotsupported suboption [,…]
- Changes to this setting do not affect sessions logged on at the time of the change.
- --shutdowntimeout Timeoutvalue
- Sets the amount of time a client is allowed to take after the gateway does a partial TCP/IP socket close until the client must complete the close. The gateway does an abortive close to preemptively free the socket if the client does not complete the close in time.
- -t Timeoutvalue
- Determines how long a disconnected session has to reconnect in minutes. If the client has not reconnected within the specified time period, the client is logged off automatically.During this time period, the session still counts against the number of sessions allocated to a PE.
- --TLS [disable|enable|require|nolegacy] [,trace=no|yes|all]
- Configures TLS and turns on diagnostic trace.Changes to the disable|enable|require|nolegacy setting take effect after the next database restart.
Option Description enable Default. The gateway listens to both the HTTPS port (default is 443) and the legacy port (default is 1025) and accepts a new TLS connection through the HTTPS port and a new legacy connection through the legacy port. If the TLS flag is enabled, but there is not a valid certificate-private key pair installed on the node, the gateway will not be able to listen to the HTTPS port until a valid certificate-private key pair is installed.disable The gateway does not listen to the HTTPS port. It only listens to the legacy port and accepts a new legacy connection through the legacy port. require The gateway listens to both the HTTPS port and the legacy port and only accepts a new TLS connection through the HTTPS port. The gateway returns an error to the client application if it receives a legacy connection request from the legacy port. nolegacy The gateway only listens to the HTTPS port and accepts a new TLS connection through the HTTPS port. The gateway no longer listens to the legacy port. trace=no|yes|all no (default) The gateway only logs severe error events. yes The gateway logs both error and informational messages. all The gateway logs all messages, including errors, informational, and diagnostic logs. - -u SendConnectRespNoSecurity
- Specifies whether the gateway sends connection responses encrypted or cleartext, as follows:
SendConnectRespNoSecurity Description no (default) The logon response is encrypted. yes The logon response is in cleartext (unencrypted plain text). Teradata recommends that you use the default setting unless you use third-party activity-monitoring software that requires access to the contents of the connection responses. - -v Vprocnumber
- Specifies a vproc to which the vproc-specific settings in this invocation of gtwcontrol will be applied. If you do not specify this option, the vproc-specific settings apply to all vprocs.
- -x RequireConfidentiality
- Changes to this setting affect only sessions initiated after the change. To ensure that encryption is enforced on all sessions, Teradata recommends that the Teradata system be in a quiescent state (no users logged on) when -x is changed to yes.Determines whether the gateway requires that input messages be encrypted. The output from the gateway matches the security level of the input it receives, as follows:
RequireConfidentiality Description no (default) Does not require that input messages be encrypted. yes Requires input messages to be encrypted. The messages will automatically be encrypted by a client that supports the Enforce Network Security Policy feature, see Security Administration. Gateway will automatically force a session off if a message is received that is not encrypted. The following message types will be accepted, even if they are not encrypted: test, abort, assign, reassign, methods, SSO, logoff, or config.
- -z
- Sets gateway control to apply the user-defined defaults created with the -o default option to all current host groups and vprocs.
- -Z
- Sets gateway control to apply the original Teradata defaults to all current host groups and vprocs.
The following options should be used only for debugging the gateway under the direction of Teradata Support Center personnel.
- -1 logonname
- For remote gateway global access.
- -A
- Toggles assign tracing. The Teradata default is OFF.
- -C
- Toggles connection tracing. The Teradata default is OFF.
- -D
- Toggles no gtwdie. The Teradata default is OFF.
- -E
- Toggles event trace. The Teradata default is OFF.
- -H
- Toggles connect heap trace. The Teradata default is OFF.
- -I
- Toggles interactive mode. The Teradata default is OFF.
- -J
- Toggles log LAN errors. The Teradata default is OFF.
- -K
- Toggles session ctx lock trace. The Teradata default is OFF.
- -M
- Toggles message tracing. The Teradata default is OFF.
- -N
- Toggles logging of security mechanism selection by TDNEGO. Used for troubleshooting if TDNEGO is choosing the wrong security mechanism. The Teradata default is OFF.
- -O
- Toggles output LAN header on errors. The Teradata default is OFF.
- -R
- Toggles xport log all. The Teradata default is OFF.
- -S
- Toggles the action log. The Teradata default is OFF.
- -T
- Toggles allow gateway testing. The Teradata default is OFF.
- -U
- Toggles tdgss trace. The Teradata default is OFF.The -U option causes tdgss-related errors to be logged into the gateway log file for the purpose of diagnosing problems.
- -W
- Toggles wait for debugger to attach. The Teradata default is OFF.
- -X
- Toggles xport trace. The Teradata default is OFF.
- -Y
- Toggles handle trace. The Teradata default is OFF.