When Adaptive Server is started with the Kerberos security mechanism enabled, Adaptive Server first uses the principal name specified with the -k option for Kerberos authentication. If the -k option is not specified, Adaptive Server looks for the principal name in the environment variable SYBASE_PRINCIPAL. If neither is specified, Adaptive Server uses the server name for authentication.
In the following example, let the Adaptive Server name be "ase1254" and
the current realm name be "MYREALM.COM".
The Adaptive Server name is specified on the command line with -s parameter
to data server. The current realm is specified in libtcl.cfg by
a secbase attribute value:
[SECURITY] csfkrb5=libskrb.so libgss=/krb5/lib/libgss.so secbase=@MYREALM.COM
The default Adaptive Server principal name is "ase1254@MYREALM.COM".
If the principal name defined in the Adaptive Server keytab file
is "aseprincipal@MYREALM.COM",
you can override the default Adaptive Server principal name by setting
a server principal name using options 1 or 2 below:
% $SYBASE/$SYBASE_ASE/bin/dataserver -dmaster.dat -s ase1254 -k aseprincipal@MYREALM.COM
The Adaptive Server principal name used to authenticate with
Kerberos is aseprincipal@MYREALM.COM.
Option 2: ‘-k’ is not specified but SYBASE_PRINCIPAL is set
setenv SYBASE_PRINCIPAL aseprincipal@MYREALM.COM $SYBASE/$SYBASE_ASE/bin/dataserver –dmaster.dat -s ase1254
The Adaptive Server principal name used to authenticate with
Kerberos is the value of $SYBASE_PRINCIPAL, "aseprincipal@MYREALM.COM".
Option 3: Neither ‘-k’ nor SYBASE_PRINCIPAL is set
% $SYBASE/$SYBASE_ASE/bin/dataserver –dmaster.dat -s ase1254
The Adaptive Server principal name used to authenticate
with Kerberos is ase1254@MYREALM.COM.
For more information about Kerberos, see the Security section of the System Administration Guide, Volume One.
