Mechanism Effects - Advanced SQL Engine

Mechanism Effects - Advanced SQL Engine - Teradata Database

Security Administration

Product

Advanced SQL Engine

Teradata Database

Release Number

17.05

17.00

Published

September 2020

Language

English (United States)

Last Update

2021-01-23

dita:mapPath

ied1556235912841.ditamap

dita:ditavalPath

lze1555437562152.ditaval

dita:id

B035-1100

lifecycle

Product Category

Teradata Vantage™

QOP enforcement varies depending on the authentication mechanism used for the session, as shown in the following table.

Mechanism	Enforcement Considerations
All mechanisms (without PROXY connection)	If the client does not specify confidentiality or integrity for a session, but a confidentiality or integrity QOP policy applies to the session, the system uses the applicable confidentiality or integrity. Involvement of specific security mechanisms can affect how the policy is enforced.
All mechanisms (with PROXY connection)	When the a session passes through a Unity server where the PROXY connection is configured, QOP applies as follows: If a QOP policy does not apply to the Unity user, the system uses the same QOP for transmissions between Unity and the destination database as for the message transmissions between the client and Unity. If a QOP policy applies to the Unity user, the system uses the Unity user QOP on message transmissions between the Unity server and the destination database.
TD2, LDAP, and JWT	If the client specifies confidentiality or integrity, the system defaults to the DEFAULT QOP. If an applicable QOP policy requires a stronger QOP than the default, the system uses the stronger QOP.
Kerberos	If the client specifies, or applicable policy requires, confidentiality or integrity, the system uses it. However, the QOP is determined by Kerberos, regardless of the default QOP or the QOP specified in the applicable policy.
SPNEGO