16.10 - Mechanism Effects - Teradata Database

Teradata Database Security Administration

Teradata Database
June 2017

QOP enforcement varies depending on the authentication mechanism used for the session, as shown in the following table.

Mechanism | Enforcement Considerations
All mechanisms (without PROXY connection) | If the client does not specify confidentiality or integrity for a session, but a confidentiality or integrity QOP policy applies to the session, the system uses the applicable confidentiality or integrity. Involvement of specific security mechanisms can affect how the policy is enforced.
All mechanisms (with PROXY connection) | When a session passes through a Unity server where the PROXY connection is configured, QOP applies as follows:
  • If a QOP policy does not apply to the Unity user, the system uses the same QOP for transmissions between Unity and the destination database as for the message transmissions between the client and Unity.
  • If a QOP policy applies to the Unity user, the system uses the Unity user QOP on message transmissions between the Unity server and the destination database.
TD2 and LDAP | If the client specifies confidentiality or integrity, the system defaults to the DEFAULT QOP. If an applicable QOP policy requires a stronger QOP than the default, the system uses the stronger QOP.
Kerberos | If the client specifies, or applicable policy requires, confidentiality or integrity, the system uses it. However, the QOP is determined by Kerberos, regardless of the default QOP or the QOP specified in the applicable policy.
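
The rules in the table above can be modelled as a small decision function, which is useful when auditing which sessions actually get the strength a policy names. This is an added example, not Teradata code: the integer strength ranks, the `DEFAULT_QOP` value, the mechanism labels and all function names are assumptions, and confidentiality and integrity are collapsed into one "protected" flag.

```python
from dataclasses import dataclass
from typing import Optional, Union

# Assumptions (not from the page): QOP strength is an integer rank, higher is
# stronger; DEFAULT_QOP = 1 and the mechanism labels are constructed values.
DEFAULT_QOP = 1
SET_BY_KERBEROS = "set-by-kerberos"
QOP = Union[int, str, None]


@dataclass
class Session:
    mechanism: str             # "TD2", "LDAP" or "KRB5"
    client_protects: bool      # client asked for confidentiality or integrity
    policy_qop: Optional[int]  # rank required by an applicable policy, else None


def client_leg_qop(s: Session) -> QOP:
    """QOP on the client-facing leg; None means no protection is applied."""
    if not s.client_protects and s.policy_qop is None:
        return None
    if s.mechanism == "KRB5":
        # Protection is applied, but Kerberos picks the strength and ignores
        # both the default QOP and the rank named in the policy.
        return SET_BY_KERBEROS
    if not s.client_protects:
        return s.policy_qop    # policy supplies what the client omitted
    # TD2/LDAP: DEFAULT unless an applicable policy requires something stronger.
    return max(DEFAULT_QOP, s.policy_qop or DEFAULT_QOP)


def unity_leg_qop(client_leg: QOP, unity_user_policy: Optional[int]) -> QOP:
    """QOP between a Unity server (PROXY connection) and the destination database."""
    return client_leg if unity_user_policy is None else unity_user_policy


def policy_rank_not_guaranteed(s: Session) -> bool:
    """Audit flag: a policy names a rank, but the mechanism decides the strength."""
    return s.policy_qop is not None and client_leg_qop(s) == SET_BY_KERBEROS


if __name__ == "__main__":
    for s in (Session("TD2", True, None), Session("LDAP", True, 3),
              Session("TD2", False, 2), Session("KRB5", True, 3)):
        print(s, client_leg_qop(s), policy_rank_not_guaranteed(s))
```

The audit flag marks Kerberos sessions covered by a policy, where the strength in force has to be confirmed from the Kerberos configuration rather than from the policy.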