When a user with a valid credential from a security mechanism logs in to Adaptive Server, the server checks whether the user name exists in master..syslogins. If it does, Adaptive Server uses that user name. For example, if a user logs in to the Kerberos security mechanism as “ralph,” and “ralph” is in master..syslogins, Adaptive Server uses all roles and authorizations defined for “ralph” in the server.
However, if a user with a valid credential logs in to Adaptive Server, but is unknown to the server, the login is accepted only if a secure default login is defined with sp_configure. Adaptive Server uses the default login for any user who is not defined in master..syslogins, but who is preauthenticated by a security mechanism. The syntax is:
sp_configure "secure default login", 0, login_name
The default value for secure default login is “guest.”
A secure default login must also be a valid login in master..syslogins. For example, to set the “gen_auth” as the default login:
Use create login to add the login as a valid user in Adaptive Server:
create login gen_auth with password pwgenau
This procedure sets the initial password to “pwgenau”.
Designate the login as the security default:
sp_configure "secure default login", 0, gen_auth
Adaptive Server uses this login for a user who is preauthenticated by a security mechanism but is unknown to Adaptive Server.
More than one user can assume the suid associated
with the secure default login. Therefore, you might want to activate
auditing for all activities of the default login. You may also want
to consider using create loign to add all users
to the server.
