PROXY Mechanism | Teradata Vantage - PROXY Mechanism - Advanced SQL Engine - Teradata Database

The PROXY mechanism supports user logons through Unity, acting as a proxy for the authentication mechanism in effect at logon and passing user credential information to connected Teradata Vantage systems.

PROXY appears in the TdgssLibraryConfigFile.xml for all installations of Vantage, however, to make a configuration change to PROXY, you must manually copy the mechanism from the TdgssLibraryConfigFile.xml and add it to the TDGSS configuration file.

You can modify some PROXY support properties without performing a TPA reset. For example, the following can be modified without a TPA reset: MechanismEnabled, CertificateFile, PrivateKeyFile, PrivateKeyPassword, PrivateKeyPasswordProtected, CACertFile, CACertDir, and SigningHashAlgorithm. The rest are either not modifiable or require a TPA reset if you do modify them. run_tdgssconfig indicates when you need to do a TPA reset.

<Mechanism Name="PROXY"
            ObjectId="1.3.6.1.4.1.28698.4.302.1.2"
            LibraryName="gssp2proxy"
            Prefix="Proxy"
            InterfaceType="custom">
            <MechanismProperties
                AuthenticationSupported="yes"
                AuthorizationSupported="yes"
                SingleSignOnSupported="no"
                DefaultMechanism="no"
                MechanismEnabled="yes"
                MechanismRank="80"
                GenerateCredentialFromLogon="yes"
                DelegateCredentials="no"
                MutualAuthentication="yes"
                ReplayDetection="yes"
                OutOfSequenceDetection="yes"
                ConfidentialityDesired="yes"
                IntegrityDesired="yes"
                AnonymousAuthentication="no"
                DesiredContextTime=""
                DesiredCredentialTime=""
                CredentialUsage="0"
                DHKeyP2048="8AB3F86E8D374B782F31DAD5F27D6AFDA30150C11A20CF6346712AE2D2C6B70A5B79D45D4C0C232A065B207B121B2C33E147B5983C38A1087F272703B0B839CBA6F71C5D0EB51EC890934EACF2C7DD2A1DF6F55E89B145A0359D35EF8FB6C561E157B13FF927A35E69963648614902B1034EF71197F545DEF3236244EADAE0689E624CF1245953630AE042BD797C4025E37C51D9F6CBDA0B2278FA7D5CA2D9CA930BE2968330C811A4BA4D0845333C0D62E3EE742154F6B62F2951CD8C73C43B5AA1C7819DEF1D7C9314411E465F8E4796666594AADE0AEB3F1256E5719E7AE54DD34FFDA949634E4A293C5BC60AF258BB9FE558086E83B3DD3D7491966DEE93"
DHKeyG2048="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005"
                ProxySupported="yes"
                CertificateFile=""
                PrivateKeyFile=""
                PrivateKeyPassword=""
                PrivateKeyPasswordProtected="no"
                CACertFile=""
                CACertDir=""
                SigningHashAlgorithm="SHA256"
                />
            <MechQop Value="Default">
                AES-K128_GCM_PKCS5Padding_SHA2_DH-K2048
                AES-K128_CBC_PKCS5Padding_SHA1_DH-K2048
                AES-K192_GCM_PKCS5Padding_SHA2_DH-K2048
                AES-K192_CBC_PKCS5Padding_SHA1_DH-K2048
                AES-K256_GCM_PKCS5Padding_SHA2_DH-K2048
                AES-K256_CBC_PKCS5Padding_SHA1_DH-K2048
            </MechQop>
        </Mechanism>