The Sybase Control Center security model delegates user authentication to the operating system or to your LDAP server.
When Sybase Control Center authenticates through the operating system, it uses the operating system of the Sybase Control Center server machine (not the client). Sybase Control Center requires each authenticated login account to have a predefined role. When a login is authenticated, roles for the login are retrieved by the security module and are mapped to Sybase Control Center predefined roles. Authorization is resolved through the mappings between the security module native roles and Sybase Control Center roles. You can enable mappings by creating a "sybase" group in your operating system or LDAP server and adding all Sybase Control Center users, or by modifying the Sybase Control Center roles-map.xml file to configure the mapping of native roles to Sybase Control Center roles. The security model authenticates the logins and authorizes access to managed resources.
Sybase Control Center provides a set of three predefined login modules for authentication. All login modules are defined in the <install_location>/SCC-3_0/conf/csi.properties file. The syntax is defined by the Sybase Common Security Infrastructure (CSI) framework. You can configure the different login modules to customize security strength. The three login modules are:
- Simple Login – defines a user name, password, and a list of roles. The default user name is “sccadmin” with a blank password and a native role of “sccAdminRole”. You can create additional accounts by adding simple login modules to csi.properties. However, Sybase does not recommend the use of simple login modules for authentication in production environments.
- NT Proxy Login – delegates authentication to the underlying Windows operating system. When you log in to Sybase Control Center through an NT Proxy Login module, enter your user name in the format username@nt-domain-name, for example, user@sybase. Windows authentication is enabled by default, but it requires some configuration.
- UNIX Proxy Login – delegates authentication to the underlying UNIX or Linux operating system using Pluggable Authentication Modules (PAM). UNIX authentication is enabled by default, but it requires some configuration.
In addition, you can add an LDAP login module that delegates authentication to an LDAP server you specify.
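Because the Simple Login module ships with the "sccadmin" account, a blank password, and the "sccAdminRole" native role, a deployment review should confirm that no such entry remains in csi.properties. The following audit script is an added example, not Sybase code. The `CSI.loginModule.N.*` key layout, the `com.example` provider class names, and the sample file contents are assumptions constructed for illustration, so compare them with your own csi.properties before relying on the results.

```python
import re

# Constructed sample. The key layout and provider class names are assumptions
# for illustration, not text taken from the product documentation.
SAMPLE = """\
CSI.loginModule.1.provider=com.example.UnixProxyLoginModule
CSI.loginModule.1.controlFlag=sufficient
CSI.loginModule.2.provider=com.example.SimpleLoginModule
CSI.loginModule.2.options.username=sccadmin
CSI.loginModule.2.options.password=
CSI.loginModule.2.options.roles=sccAdminRole
CSI.loginModule.3.provider=com.example.SimpleLoginModule
CSI.loginModule.3.options.username=monitor
CSI.loginModule.3.options.password=constructed-value
CSI.loginModule.3.options.roles=sccUserRole
"""

KEY = re.compile(r"^CSI\.loginModule\.(\d+)\.(?:options\.)?(\w+)$")

def parse_modules(text):
    """Group properties by login-module index: {index: {option: value}}."""
    modules = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue  # skip blanks, comments and malformed lines
        key, _, value = line.partition("=")
        m = KEY.match(key.strip())
        if m:
            modules.setdefault(int(m.group(1)), {})[m.group(2)] = value.strip()
    return modules

def audit(text):
    """Return (module index, user name, finding) tuples for simple login modules."""
    findings = []
    for idx, mod in sorted(parse_modules(text).items()):
        if "simple" not in mod.get("provider", "").lower():
            continue  # proxy and LDAP modules delegate authentication elsewhere
        user = mod.get("username", "?")
        roles = [r.strip() for r in mod.get("roles", "").split(",") if r.strip()]
        findings.append((idx, user, "simple-login-module"))
        if not mod.get("password"):
            findings.append((idx, user, "blank-password"))
        if "sccAdminRole" in roles:
            findings.append((idx, user, "admin-role"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any `simple-login-module` finding on a production server is worth reviewing, and a `blank-password` finding combined with `admin-role` corresponds to the default account described above.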