Disabling enhanced cryptography support

Follow these steps to disable the enhanced cryptography support on your Netezza Performance Server system.

About this task

Typically, you disable cryptography support only if you evaluated and tested the enhanced cryptography support and decided not to use it, or if you are troubleshooting a configuration problem that prevents the NPS software from starting. In the troubleshooting case, you can disable cryptography support temporarily to start the NPS software, investigate and debug the problem, and then re-enable the cryptography support and restart the NPS software.

Procedure

  1. Log in to the Netezza Performance Server system as the nz user.
  2. Run the following command:
    [nz@nzhost1 ~]$ nzconfigcrypto -disable
    Checking support for crypto standard in NPS
    Checking and updating postgresql.conf file
    Successfully updated parameter enable_crypto_std_v1
    
    Crypto mode successfully disabled
    You may now restart NPS

Results

The script disables cryptography support by setting the enable_crypto_std_v1 variable to false in the /nz/data/config/postgresql.conf file. You must stop and restart the NPS software for the change to take effect and to fully disable the enhanced cryptography support.

Optionally, you can verify that the support is disabled by running the following command to confirm that the variable has a value of false:

[nz@nzhost1 ~]$ grep crypto /nz/data/postgresql.conf
# enable (crypto) keys
enable_crypto_std_v1 = false

If the value is true, run the nzconfigcrypto -disable command again to disable the support.
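
The grep check above also matches comment lines, so a commented-out or duplicated entry can be misread. The following is an added example, not part of the original documentation or the NPS tooling: a hypothetical helper, crypto_std_state, that prints the effective value of enable_crypto_std_v1 from the configuration file you pass to it. It assumes PostgreSQL-style syntax (name = value, # starts a comment, the last uncommented assignment wins), and the sample file is constructed.

```shell
#!/usr/bin/env bash
# Added example: report the effective enable_crypto_std_v1 setting.
# Assumption: the file uses PostgreSQL conf syntax, where '#' starts a
# comment and the last uncommented assignment of a parameter wins.

crypto_std_state() {
    # $1: path to the postgresql.conf file to inspect
    # prints: true, false, unset, or invalid:<value>
    awk -v q="'" '
        {
            sub(/#.*/, "")                       # drop comments, incl. whole-line ones
            if ($0 !~ /^[ \t]*enable_crypto_std_v1[ \t]*=/) next
            sub(/^[ \t]*enable_crypto_std_v1[ \t]*=[ \t]*/, "")
            gsub("[ \t\"" q "]", "")             # strip blanks and quotes
            val = tolower($0)                    # later lines overwrite earlier ones
            seen = 1
        }
        END {
            if (!seen)                               print "unset"
            else if (val ~ /^(true|on|yes|1)$/)      print "true"
            else if (val ~ /^(false|off|no|0)$/)     print "false"
            else                                     print "invalid:" val
        }
    ' "$1"
}

# Constructed sample: a stale commented-out entry plus a duplicate assignment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# enable (crypto) keys
#enable_crypto_std_v1 = true
enable_crypto_std_v1 = true
enable_crypto_std_v1 = false   # later assignment
EOF

echo "effective enable_crypto_std_v1: $(crypto_std_state "$sample")"
rm -f "$sample"
```

On a real system, pass the path of the postgresql.conf file that nzconfigcrypto updated. A result other than false means the setting is still active or missing after the restart.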

You should verify that the host key value for your system is still correct. The enhanced crypto support is disabled, but the command does not change the host key from its current value, which is the AES_256 key that you used for the enhanced crypto support. To display the current key, connect to a database and run the following command:

NEWDB.MYUSR(MYUSR)=> SHOW SYSTEM DEFAULT HOSTKEY;
NOTICE:  'HOST KEY' = 'KS1.KEY1'
SHOW VARIABLE

If you want to change the host key to another value, use the SET SYSTEM DEFAULT HOSTKEY TO name command.