16.10 - Changing the TDGSS Configuration - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)
  1. On the Teradata Database node with the lowest ID number, navigate to the directory that provides access to TdgssUserConfigFile.xml.
    cd /opt/teradata/tdat/tdgss/site
  2. Make a backup copy of the TdgssUserConfigFile.xml and save it according to your site standard backup procedures.
  3. Open a text editor, such as vi, and bring up a working copy of the user configuration file:
    vi TdgssUserConfigFile.xml
  4. Edit the properties in the file by deleting the old values and entering new values in accordance with the editing guidelines for each property listed earlier in this chapter.
    Most mechanism properties work best using their factory preset values. Make sure of your reason for wanting to change a property value before you edit it.

    You can add optional LDAP properties to the KRB5, LDAP and SPNEGO mechanisms and edit their default values. Copy only the optional properties you want to use from the LDAP mechanism in the TdgssLibraryConfigFile.xml and paste them into the LDAP mechanism in the copy of the TdgssUserConfigFile.xml you are editing.

  5. You can use the tdgssauth utility to test the newly-configured LDAP properties for their effects on directory user authentication and authorization, before you commit the configuration changes to the TDGSSCONFIG GDO.
    tdgssauth -m ldap -u <dir_user>

    See Working with tdgssauth.

  6. After you complete editing and any needed testing, run the run_tdgssconfig utility to update the TDGSSCONFIG GDO.
    /opt/teradata/tdgss/bin/run_tdgssconfig
  7. Run tpareset to activate the changes to the TDGSS configuration.
    tpareset -f “use updated TDGSSCONFIG GDO”