Previously, when the TDGSS configuration changed a TPA reset was required for the new values in the TDGSSCONFIG GDO to take effect. Now, the following can be modified without a TPA reset:
- Any attribute or property whose name begins with "Ldap" for KRB5 and LDAP
- MechanismEnabled property for KRB5, LDAP, JWT, and PROXY
- AuthorizationSupported property for KRB5 and LDAP
- LDAP Service ID and password with no impact to user LDAP logons
- The following properties in the PROXY mechanism:
- Any JWT mechanism property whose name begins with "JWT"
- All canonicalizations including the lightweight authorization structures
Additionally, tdgsstestcfg is a new tool to test configuration changes before making them permanent with run_tdgssconfig.
- Decreases downtime previously caused by mechanism property reconfiguration.
- Simplifies steps when modifying mechanism properties.
- The run_tdgssconfig tool informs you when a tpareset is required.
The following configuration changes still require a tpareset:
- Changes to any mechanism property not mentioned above require a tpareset
- QoP configuration
- Local or global policy configuration, including service name changes
- TDNEGO and SPNEGO
For more information about security, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.