Specifying the Adaptive Server principal name

Use the DSLISTEN and DSQUERY environment variables, or the dataserver -sserver_name command line option to specify the Adaptive Server name.

Use either the setenv command or the -k dataserver option to set the principal name.

By default, the principal name is the name of Adaptive Server. To specify a different name, set SYBASE_PRINCIPAL before starting Adaptive Server to use Kerberos:

setenv SYBASE_PRINCIPAL <name of principal>

Once you have set an Adaptive Server principal name, Adaptive Server uses the value of this variable to authenticate itself to Kerberos.

To specify an Adaptive Server principal name when starting Adaptive Server, use:

-k <server principal name>

When you start an Adaptive Server with the Kerberos security mechanism enabled, Adaptive Server first uses the principal name specified with the -k option for Kerberos authentication. If the -k option is not specified, Adaptive Server looks for the principal name in the environment variable SYBASE_PRINCIPAL. If neither is specified, Adaptive Server uses the server name for authentication.

Adaptive Server accepts Kerberos Open Client connections that use different server principal names if the entry for the principal name is present in the keytab file. To allow connections with different principal names:

• Pass an empty string as a parameter for the -k option, or

• Set the SYBASE_PRINCIPAL environment variable to "". For example:

  export SYBASE_PRINCIPAL=""
  

In this example, the Adaptive Server name is “secure_ase” and the realm name is “MYREALM.COM.” The Adaptive Server name is specified on the command line with -s parameter to the dataserver. The current realm is specified in libtcl.cfg by a secbase attribute value:

[SECURITY]
csfkrb5=libskrb.so libgss=/krb5/lib/libgss.so secbase=@MYREALM.COM

The default Adaptive Server principal name is “secure_ase@MYREALM.COM.” If the principal name defined in the Adaptive Server keytab file is “aseprincipal@MYREALM.COM,” you can override the default Adaptive Server principal name by setting a server principal name using options 1 or 2 below:

• Option 1, specify -k '':

  % 
  $SYBASE/$SYBASE_ASE/bin/dataserver -dmaster.dat 
  -s secure_ase -k aseprincipal@MYREALM.COM
  

  The Adaptive Server principal name used to authenticate with Kerberos is “aseprincipal@MYREALM.COM.”

• Option 2, set SYBASE_PRINCIPAL:

  setenv SYBASE_PRINCIPAL aseprincipal@MYREALM.COM
  $SYBASE/$SYBASE_ASE/bin/dataserver –dmaster.dat 
  -s secure_ase 
  

  The Adaptive Server principal name used to authenticate with Kerberos is “aseprincipal@MYREALM.COM,” the value of $SYBASE_PRINCIPAL.

• Option 3, neither -k nor SYBASE_PRINCIPAL is set:

  % $SYBASE/$SYBASE_ASE/bin/dataserver –dmaster.dat 
  -s secure_ase 
  

  The Adaptive Server principal name used to authenticate with Kerberos is “secure_ase@MYREALM.COM.”