16.10 - QOP Configuration Change Guidelines - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K
  • The system attempts to use the first DEFAULT QOP listed, but tries others if the first QOP does not work. For example, Java clients do not support encryption stronger than AES-128 without installation of a special security policy package, and will use AES-128 regardless of what QOP is listed first.

    To allow Java clients to use stronger encryption, download the JAVA Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files and copy the jar files to the <JRE home>/lib/security directory.

  • You can delete QOPs from the DEFAULT QOP list to narrow the encryption options.
  • Changing the TDGSS configuration on a database system requires a tpareset, during which the database is temporarily unavailable. Plan to make QOP changes along with other TDGSS configuration changes to minimize downtime.
  • If users log on through Unity you must also configure QOP on the Unity server. If you want the QOP setting to be the same for users who log on through Unity as it is for users logging directly on to the database, the QOP configuration should match between the Unity server and each connected database.