Modify TDGSS Properties Without TPA Reset | SQL Engine 17.10 | Teradata Vantage - 17.10 - Modify TDGSS Without a TPA Reset - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Release Summary

Advanced SQL Engine
Teradata Database
Release Number
Release Date
July 2021
Content Type
Release Notes
Publication ID
English (United States)

Previously, when the TDGSS configuration changed a TPA reset was required for the new values in the TDGSSCONFIG GDO to take effect. Now, the following can be modified without a TPA reset:

  • Any attribute or property whose name begins with "Ldap" for KRB5 and LDAP
  • MechanismEnabled property for KRB5, LDAP, JWT, and PROXY
  • AuthorizationSupported property for KRB5 and LDAP
  • LDAP Service ID and password with no impact to user LDAP logons
  • The following properties in the PROXY mechanism:
    • CertificateFile
    • PrivateKeyFile
    • PrivateKeyPassword
    • PrivateKeypasswordProtected
    • CACertFile
    • CACertDir
    • SigningHashAlgorithm
  • Any JWT mechanism property whose name begins with "JWT"
  • All canonicalizations including the lightweight authorization structures

Additionally, tdgsstestcfg is a new tool to test configuration changes before making them permanent with run_tdgssconfig.


  • Decreases downtime previously caused by mechanism property reconfiguration.
  • Simplifies steps when modifying mechanism properties.
  • The run_tdgssconfig tool informs you when a tpareset is required.


The following configuration changes still require a tpareset:

  • Changes to any mechanism property not mentioned above require a tpareset
  • QoP configuration
  • Local or global policy configuration, including service name changes

Additional Information

For more information about security, see Teradata Vantage™ - Advanced SQL Engine Security Administration, B035-1100.