Users who log on with the TD2 mechanism are not subject to local policy because they are not authenticated or authorized in the directory. When you specify a Teradata Database username for -u, TDGSS looks in the TdgssUserConfigFile.xml to see if a global policy applies to the user.
$ tdspolicy -u td2user –i 220.127.116.11 Querying policy using the following parameters: Teradata user: td2user IP address: 18.104.22.168 Mechanisms: td2 Confidentiality QoPs: default
where the Teradata Database user specified by -u:
- Can use only the TD2 mechanism to log on.
- Confidentiality is required, but because a TD2 user is not authenticated or authorized in the directory, QOP strength defaults to the DEFAULT QOP.