16.10 - Disabling the LEGACY QOP - Teradata Database

Teradata Database Security Administration

prodname
Teradata Database
vrm_release
16.10
created_date
June 2017
category
Administration
Security
featnum
B035-1100-161K

After Teradata Tools and Utilities 14.0 or higher is installed on all clients and the LEGACY QOP is no longer needed, you can disable the LEGACY QOP for the LDAP and TD2 mechanisms to force stronger encryption.

  1. To disable the Legacy QOP edit the TdgssUserConfigFile.xml:
    • On systems upgraded to Teradata Database 14.10 from Release 13.10 or before the QOP section appears as:
      <MechQop Value="0"> GLOBAL_QOP_1 </MechQop>

      If you remove the GLOBAL_QOP_1, the remaining value disables the Legacy QOP:

      <MechQop Value="0"> </MechQop>
    • On systems with newly installed Teradata Database 14.0 or higher software, uncomment the Legacy QOP to appear as:
      <!-- LEGACY QOP -->
      <MechQop Value="0"/>
  2. After editing, run the run_tdgssconfig utility to update the TDGSSCONFIG GDO.
    /opt/teradata/tdgss/bin/run_tdgssconfig
  3. Run tpareset to activate the changes to the TDGSS configuration.
    tpareset -f “use updated TDGSSCONFIG GDO”