Modify TDGSS Properties Without TPA Reset | SQL Engine 17.10 | Teradata Vantage - 17.10 - Modify TDGSS Without a TPA Reset - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Release Summary

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Release Notes
Publication ID
B035-1098-171K
Language
English (United States)

Previously, when the TDGSS configuration changed a TPA reset was required for the new values in the TDGSSCONFIG GDO to take effect. Now, the following can be modified without a TPA reset:

  • Any attribute or property whose name begins with "Ldap" for KRB5 and LDAP
  • MechanismEnabled property for KRB5, LDAP, JWT, and PROXY
  • AuthorizationSupported property for KRB5 and LDAP
  • LDAP Service ID and password with no impact to user LDAP logons
  • The following properties in the PROXY mechanism:
    • CertificateFile
    • PrivateKeyFile
    • PrivateKeyPassword
    • PrivateKeypasswordProtected
    • CACertFile
    • CACertDir
    • SigningHashAlgorithm
  • Any JWT mechanism property whose name begins with "JWT"
  • All canonicalizations including the lightweight authorization structures

Additionally, tdgsstestcfg is a new tool to test configuration changes before making them permanent with run_tdgssconfig.

Benefits

  • Decreases downtime previously caused by mechanism property reconfiguration.
  • Simplifies steps when modifying mechanism properties.
  • The run_tdgssconfig tool informs you when a tpareset is required.

Considerations

The following configuration changes still require a tpareset:

  • Changes to any mechanism property not mentioned above require a tpareset
  • QoP configuration
  • Local or global policy configuration, including service name changes
  • TDNEGO and SPNEGO

Additional Information

For more information about security, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.