Configuring DA Agent for Kerberos

Configure your DA agent to accept Kerberos settings in a distributed deployment when connecting to a database using Java Database Connectivity (JDBC).

In this example, the remote DA agent is installed on the same server called “omnivore.”
Note: In a standalone DA server deployment, use the same steps described in this procedure to configure the local agent (embedded with DA server) to work with Kerberos.
  1. Go to $SYBASE/DA-15_5/agent/myagent/myagent.cfg.
  2. Edit the myagent.cfg file to set sun.security.krb5.debug to true:
    # 
 # Kerberos 
 # 
 javax.security.auth.useSubjectCredsOnly=false 
 java.security.auth.login.config=${da.container.home}/security/kerberos.conf 
 sun.security.krb5.debug=true
  3. Go to $SYBASE/DA-15_5/myagent/myagent/security/.
  4. Edit the kerberos.conf file to include the principal name and the keytab file location:
    com.sun.security.jgss.initiate { 
         com.sun.security.auth.module.Krb5LoginModule required doNotPrompt=true 
         debug=true principal=USERNAME 
         useKeyTab=true keyTab="C:\\ASE1503_krb\\SERVERNAME_key" storeKey=true;
  5. Restart the DA agent.
  6. Verify that DA agent is installed on the server “omnivore”:
    show agent a1
go
     NAME         HOST      PORT USER      DESCRIPTION
 ------------ --------- ---- --------- --------------
 a1           omnivore  4510 da_admin
(0 rows affected)
  7. Create a database connection for the DA agent “a1” with the dummy user name “my_user”:
    create connection c2
set agent a1
and set host omnivore
and set port 5000
and set database dadb
and set user my_user
with properties
 set request_kerberos_session true
	and set service_principal_name “OMNIVORE@ASE”
go
  8. Test the database connection settings:
    test connection c2
go
      
RESULT
----------
Succeeded
(0 rows affected)
Parent topic: Security and Access Control