Sets the TDS login mode.
iqsrv16 -tdsl { all | RSA | RSANonce }...
all
All operating systems and database servers.
This option restricts the type of TDS login requests that the database server supports.
| Mode type | Description |
|---|---|
| all |
Encrypted and unencrypted passwords are allowed (including those with a nonce) in TDS login requests: |
| RSA |
Only RSA encrypted passwords (including those with a nonce) are allowed in TDS login requests: |
| RSANonce |
Only RSA encrypted passwords with a nonce are allowed in TDS login requests: |
When you make login requests from a TDS application that supports RSA without a nonce, the database server generates a new set of encryption key for the login requests. Generating new encryption keys can be time-consuming.
When you make login requests from a TDS application that supports RSA with a nonce, the database server reuses a set of RSA encryption keys. These encryption keys are re-generated every 24 hours. By reusing the RSA encryption keys, performance can improve while protecting the database server from replay attacks.
Both jConnect and Open Client support RSA login requests with and without a nonce.