Disabling enhanced cryptography support
Follow these steps to disable the enhanced cryptography support on your Netezza Performance Server system.
About this task
Typically, you would not disable cryptography support unless you were evaluating and testing the enhanced cryptography support and have decided not to use it, or if you are troubleshooting a configuration problem that is preventing you from starting the NPS software. You can disable cryptography support temporarily to start the NPS software, investigate and debug the problem, and then you can re-enable the cryptography support and restart the NPS software.
Procedure
Results
The script disables cryptography support by setting the enable_crypto_srd_v1 variable to false in the /nz/data/config/postgresql.conf file. You must stop and restart the NPS software for the change to take effect and to fully disable the enhanced cryptography support.
Optionally, you can verify that the
support is disabled by running the following command to confirm that
the variable has a value of false
:
[nz@nzhost1 ~]$ grep crypto /nz/data/postgresql.conf
# enable (crypto) keys
enable_crypto_std_v1 = false
If the value is true, run
the nzconfigcrypto -disable command again to disable
the support.You should verify that the host key value for your system is still correct. The enhanced crypto support is disabled, but the command does not change the host key from its current value, which is the AES_256 key that you used for the enhanced crypto support. To display the current key, connect to a database and run the following command:
NEWDB.MYUSR(MYUSR)=> SHOW SYSTEM DEFAULT HOSTKEY;
NOTICE: 'HOST KEY' = 'KS1.KEY1'
SHOW VARIABLE
If you want to change the host key to another value, use the SET SYSTEM DEFAULT HOSTKEY TO name command.