16.10 - General Rules for Editing the TDGSS Configuration - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K
  • You can individually enable or disable authentication mechanisms, but a logon fails if the operant mechanism for a session is disabled on the client, the Unity server (if used) or the database. This is true for both system-selected (default) and user-selected mechanisms.
  • Security requirements may vary among Teradata clients. You may find it useful to configure and enable a different set of mechanisms or define a different default mechanism for different clients.
  • You can designate only one mechanism as the default mechanism. The system automatically uses the default, so users do not need to specify the mechanism at logon.
  • Before you edit the value of a mechanism property, review the editing guidelines for the property. See the topics beginning with Mechanism Properties.
  • Most mechanism properties are editable only on Teradata Database nodes, and on the Unity server, if used.
  • On Teradata clients, only the MechanismEnabled and DefaultMechanism properties can be configured.
  • If no mechanism is specified in a user logon, job script, or client application preset, the system uses the first configured DefaultMechanism it finds, in the following order:
    1. Client TdgssUserConfigFile.xml default
    2. Unity (if used) the configured Unity default. For information about the TDGSS configuration on Unity, see Teradata Unity Installation, Configuration, and Upgrade Guide for Customers.
    3. Teradata Database TdgssUserConfigFile.xml default
  • You must edit certain properties as part of implementing common security administration strategies, for example, directory authentication and authorization, or use of Teradata Unity.
  • Some optional properties and mechanisms do not appear in the TdgssUserConfigFile.xml. You must manually copy them from the TdgssLibraryConfigFile.xml and add them to the TdgssUserConfigFile.xml before configuring them.