16.10 - PROXY Mechanism - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

The PROXY mechanism supports user logons through Unity, acting as a proxy for the authentication mechanism in effect at logon and passing user credential information to connected Teradata Database systems.

PROXY appears in the TdgssLibraryConfigFile.xml for all installations of Teradata Database, however, to make a configuration change to PROXY, you must manually copy the mechanism from the TdgssLibraryConfigFile.xml and add it to the TdgssUserConfigFile.xml.

By default, the MechanismEnabled property is set to yes in the TDGSS version of the TdgssLibraryConfigFile.xml.
<Mechanism Name="PROXY"
            ObjectId="1.3.6.1.4.1.28698.4.302.1.2"
            LibraryName="gssp2proxy"
            Prefix="Proxy"
            InterfaceType="custom">
            <MechanismProperties
                AuthenticationSupported="yes"
                AuthorizationSupported="yes"
                SingleSignOnSupported="no"
                DefaultMechanism="no"
                MechanismEnabled="yes"
                MechanismRank="80"
                GenerateCredentialFromLogon="yes"
                DelegateCredentials="no"
                MutualAuthentication="yes"
                ReplayDetection="yes"
                OutOfSequenceDetection="yes"
                ConfidentialityDesired="yes"
                IntegrityDesired="yes"
                AnonymousAuthentication="no"
                DesiredContextTime=""
                DesiredCredentialTime=""
                CredentialUsage="0"
                DHKeyP2048="8AB3F86E8D374B782F31DAD5F27D6AFDA30150C11A20CF6346712AE2D2C6B70A5B79D45D4C0C232A065B207B121B2C33E147B5983C38A1087F272703B0B839CBA6F71C5D0EB51EC890934EACF2C7DD2A1DF6F55E89B145A0359D35EF8FB6C561E157B13FF927A35E69963648614902B1034EF71197F545DEF3236244EADAE0689E624CF1245953630AE042BD797C4025E37C51D9F6CBDA0B2278FA7D5CA2D9CA930BE2968330C811A4BA4D0845333C0D62E3EE742154F6B62F2951CD8C73C43B5AA1C7819DEF1D7C9314411E465F8E4796666594AADE0AEB3F1256E5719E7AE54DD34FFDA949634E4A293C5BC60AF258BB9FE558086E83B3DD3D7491966DEE93"
DHKeyG2048="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005"
                ProxySupported="yes"
                CertificateFile=""
                PrivateKeyFile=""
                PrivateKeyPassword=""
                PrivateKeyPasswordProtected="no"
                CACertFile=""
                CACertDir=""
                SigningHashAlgorithm="SHA256"
           <! -- Low, Medium and High QOP values are all set to "Default"
                unless the Low, Medium and High values are explicitly
                set in TdgssUserConfigFile.xml -->
            <! -- DEFAULT QOP -->
            <MechQop Value="Default">
                AES-K128_CBC_PKCS5Padding_SHA1_DH-K2048
            </MechQop>
            <!-- LOW SECURITY QOP (not available in 14.0)
            <MechQop Value="Low">
                AES-K128_CBC_PKCS5Padding_SHA1_DH-K2048
            </MechQop>  -->
            <!-- MEDIUM SECURITY QOP (not available in 14.0)
            <MechQop Value="Medium">
                AES-K192_CBC_PKCS5Padding_SHA1_DH-K2048
            </MechQop>  -->
            <!-- HIGH SECURITY QOP (not available in 14.0)
            <MechQop Value="High">
                AES-K256_CBC_PKCS5Padding_SHA1_DH-K2048
            </MechQop>  -->
        </Mechanism>