SAP Sybase Event Stream Processor is designed to integrate with your
existing authentication framework whether you are using Kerberos, RSA, LDAP, SAP BI, or your
operating system’s native credential management system.
Note: Linux provides finger print authentication, which
ESPdoes not support. If this is enabled in the host
and ESP is using native operating system authentication,
ESP may shut down unexpectedly while authenticating
users.
The type of server authentication you use is selected at install time, but
you can configure the server to use a different authentication type if necessary.
When a user connects to a cluster on the
ESP server, his or her credentials are
verified with the active security provider. If authentication succeeds, the server
considers the user a valid client, and login is completed. The user receives a session ID
and, in subsequent communication, the client uses the session ID to verify itself.
Options
for server authentication include:
- Kerberos - ticket-based authentication
- RSA - requires a key alias, a keystore containing a private key, and the password of
the keystore
- Username/password, implemented using one of the following:
- LDAP credentials
- SAP BI credentials
- Native operating system credentials
(native
OS)
- Preconfigured
username/password
(in csi_local.xml)
Note:
Do not confuse server authentication–enforced when users connect to
remote clusters–with authentication on the local cluster–enforced when using the
Run Project option within
SAP Sybase Event Stream Processor Studio. Server authentication is enforced across
your network and is designed for use in a production environment. Local cluster
authentication is enforced only on a user's local machine and, like the local cluster
itself, is intended for a test environment. Authentication on the local cluster is
limited to username/password authentication and is based on the fixed username
studio. Users can enter any password for this
username to maintain a secure connection with the local cluster for the duration of the
SAP Sybase Event Stream Processor Studio session. The password is maintained in
memory and is not written to a disk. When the Studio session is terminated, the password
is discarded from memory. When connecting to the local cluster in a subsequent
SAP Sybase Event Stream Processor Studio session, users are once again required to
provide a password for the fixed username
studio.
This password does not have to be the same password set during the previous
SAP Sybase Event Stream Processor Studio session.
Authentication on the local cluster is provided automatically; there is
no additional configuration required.
For
details on the local cluster password,
see
the Studio Users Guide.