Following is the syntax for a security driver entry:
provider=driver init_string
where:
provider is the local name for the security mechanism. The local name of the security mechanism is listed in the object identifiers file, %SYBASE%\%SYBASE_OCS%\ini\objectid.dat.
See “The objectid.dat file” for information about the objectid.dat file.
driver is the name of the driver. The default location for drivers is in SYBASE_home\OCS-12_5\dll. The options for driver for Windows NT, Windows 2000, Windows 2003, and Windows XP are:
Driver name |
Description |
---|---|
libsdce.dll |
Gradient DCE driver |
libsmssp.dll |
Windows LAN Manager driver |
libskrb.dll |
Kerberos security driver |
init_string is an initialization string for the security driver. This element is optional. The value for init_string varies by driver.
For the Kerberos driver, init_string specifies the optional qualifier for the security principal names. The syntax for init_string is as follows, where realm is the value to append to a principal name if the realm information is not available. If the realm name does not start with an “at” sign (@), a forward slash (/) is inserted between the principal name and the realm information.
secbase=realm
Support for the Kerberos security driver is added to Open Client and Open Server. To use the Kerberos security driver, you must do one of the following:
Use the ocscfg utility to make an addition to the Security Services.
Edit the libtcl.cfg directly in the %SYBASE%\%SYBASE_OCS%\ini directory.
To use ocscfg, navigate to the Security Services tab and click Add. Complete the dialog box:
Local Name: Enter csfkrb5, or the name you assigned to the Kerberos driver in the objectid.dat file.
Security Service Driver: Choose LIBSKRB from the Security Service Init String menu.
When you have entered these two items, click OK. The entry should now appear in the dialog box on the Security Services tab.
If you prefer to edit the libtcl.cfg file directly, set the provider value for the Kerberos security driver to csfkrb5, or to the value you assigned to the Kerberos security driver in the objectid.dat file. Set the driver value to LIBSKRB. You need to provide an initialization string in the libtcl.cfg of the form:
secbase=@your_realm_name
where your_realm_name is the realm where your Kerberos principal is located. For example:
[SECURITY] csfkrb5=libskrb secbase=@MYDOMAIN.COM
See Appendix C, “Localization,” for information on the objectid.dat localization file.
If you use DCE security service, initialization string information in the libtcl.cfg file uses this syntax:
secbase=/.../dce_cell_name
For example:
secbase=/.../dsatestcell