16.10 - Disabling the LEGACY QOP - Teradata Database

Teradata Database Security Administration

Product
Teradata Database
Release Number
16.10
Release Date
June 2017
Content Type
Administration
Security
Publication ID
B035-1100-161K
Language
English (United States)

After Teradata Tools and Utilities 14.0 or higher is installed on all clients and the LEGACY QOP is no longer needed, you can disable the LEGACY QOP for the LDAP and TD2 mechanisms to force stronger encryption.

  1. To disable the Legacy QOP edit the TdgssUserConfigFile.xml:
    • On systems upgraded to Teradata Database 14.10 from Release 13.10 or before the QOP section appears as:
      <MechQop Value="0"> GLOBAL_QOP_1 </MechQop>

      If you remove the GLOBAL_QOP_1, the remaining value disables the Legacy QOP:

      <MechQop Value="0"> </MechQop>
    • On systems with newly installed Teradata Database 14.0 or higher software, uncomment the Legacy QOP to appear as:
      <!-- LEGACY QOP -->
      <MechQop Value="0"/>
  2. After editing, run the run_tdgssconfig utility to update the TDGSSCONFIG GDO.
    /opt/teradata/tdgss/bin/run_tdgssconfig
  3. Run tpareset to activate the changes to the TDGSS configuration.
    tpareset -f “use updated TDGSSCONFIG GDO”