When Adaptive Server is started with the Kerberos security mechanism enabled, Adaptive Server first uses the principal name specified with the -k option for Kerberos authentication. If the -k option is not specified, Adaptive Server looks for the principal name in the environment variable SYBASE_PRINCIPAL. If neither is specified, Adaptive Server uses the server name for authentication.
In the following example, let the Adaptive Server name be "ase1254"
and
the current realm name be "MYREALM.COM"
.
The Adaptive Server name is specified on the command line with -s parameter
to data server. The current realm is specified in libtcl.cfg by
a secbase
attribute value:
[SECURITY] csfkrb5=libskrb.so libgss=/krb5/lib/libgss.so secbase=@MYREALM.COM
The default Adaptive Server principal name is "ase1254@MYREALM.COM"
.
If the principal name defined in the Adaptive Server keytab file
is "aseprincipal@MYREALM.COM"
,
you can override the default Adaptive Server principal name by setting
a server principal name using options 1 or 2 below:
% $SYBASE/$SYBASE_ASE/bin/dataserver -dmaster.dat -s ase1254 -k aseprincipal@MYREALM.COM
The Adaptive Server principal name used to authenticate with
Kerberos is aseprincipal@MYREALM.COM
.
Option 2: ‘-k’ is not specified but SYBASE_PRINCIPAL is set
setenv SYBASE_PRINCIPAL aseprincipal@MYREALM.COM $SYBASE/$SYBASE_ASE/bin/dataserver –dmaster.dat -s ase1254
The Adaptive Server principal name used to authenticate with
Kerberos is the value of $SYBASE_PRINCIPAL, "aseprincipal@MYREALM.COM"
.
Option 3: Neither ‘-k’ nor SYBASE_PRINCIPAL is set
% $SYBASE/$SYBASE_ASE/bin/dataserver –dmaster.dat -s ase1254
The Adaptive Server principal name used to authenticate
with Kerberos is ase1254@MYREALM.COM
.
For more information about Kerberos, see the Security section of the System Administration Guide, Volume One.